Configuring Ping Identity for single sign-on (SSO)

Before you can start using single sign-on (SSO) to log into Ometria, you'll need to configure your Ping account to make sure it works with Ometria.

Ping's documentation: PingOne SSO

Before you begin 

You'll need an account with Ping Identity.

Configure your Ping Identity SAML app

Log into the Ping Identity panel and go to Applications.

Select the  icon (+):

The Add Application screen displays:

Enter an Application Name (e.g. 'Ometria') and a description if you like.

Next, select SAML Application and then Configure.

Under SAML Configuration, complete the following fields:

Save your changes.

You've now created an integration with Ometria.

Select the Attribute Mappings tab from the overview, then click on the edit icon :

Make sure that the saml_subject attribute is mapped to Email Address:

Next, go to the Configuration tab and select the Edit button :

Go to the Signing Key section and:

• select Sign Response
• Set the SUBJECT NAMEID FORMAT field to: "rn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

Save your changes.

Finally, click Download Signing Certificate and download your SAML certificate as a X509 PEM .crt file:

Make a note of your Single Signon Service URL - you'll need to provide this to the Ometria Support team.

Enable single sign-on for Ometria

Now that you've configured your Ping Identity account, please raise a request with the Ometria Support Team.

Select a general support request, then choose a "Request" query type and select SSO setup.

You'll be asked to provide information about your Ping Identity account, as well as your Single Signon Service URL and the Signing Certificate you downloaded. 

The team will let you know once your request has been processed and you can start using it.

Once you've confirmed it's working, consider making this feature mandatory for all users in your account.