Ping Identity SSO Setup

This article outlines how to set up SSO with Ping Identity.

Written by Rachel Yonan
Updated over a week ago

Ping Identity is an SSO Provider that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Ping Identity as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Security Journey as the Service Provider (SP).

All SSO communication takes place over TLS/SSL.

Configuring Ping Identity

The first thing you need to do is log in to your Ping Identity account and add Security Journey to your application.

To add the Security Journey app:

  1. Click "Applications"

  2. "Add Application"

  3. "New SAML Application"

  4. Select "SP Initiated SSO"

Use the settings found below. You will need to map your email address field in the SAML claims. We also support mapping additional learner attributes. For more information on which fields we support and for configuration details, check out this article.

SP Connection

Entity ID:

urn:amazon:cognito:sp:us-east-1_CHi5tsM8X

Base URL:

Browser SSO

It is important that SP-Initiated SSO is enabled under SAML Profiles.

Assertion Creation

For attribute contracts, make sure the Name ID Format is:

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

And the ApplicationUsername attribute is set to:

urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Protocol Settings

Assertion Consumer Service URL Endpoint:

https://auth.hackedu.com/saml2/idpresponse (POST) 

Metadata File (For Reference)

<?xml version="1.0"?>
<md:EntityDescriptor entityID="urn:amazon:cognito:sp:us-east-1_CHi5tsM8X" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIICvDCCAaSgAwIBAgIIF7E0eYsy6vowDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UEAwwTdXMtZWFzdC0xX0NIaTV0c004WDAeFw0yMDAyMTExNzAzNTJaFw0zMDAyMTExNzAzNTJaMB4xHDAaBgNVBAMME3VzLWVhc3QtMV9DSGk1dHNNOFgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZjreEolViBOYRCxE5SaNHLk0EbSQ3ndVXrhtqmF5fG84JP8hQmAIdCBBtDu44vhyzv1a/a53w4CiccYw8D79rV9gX46vX4/hdqVTgXD/BEtWJwlkUZrgT3vXcXPj3Je83nbtEzxeijvRNU+YDxIw7IzEtZNi7oxoL63YSfnsTe5BNwaZ4nLH5DpwESxAk8nflp2IQIfLOOXWQncBHOeTpOKI5dZfF/8WYLk5if785dPKCjQyTihgyMzcKERhq2mDm9vjzuLHKp05dgQ8eH30oXd1fKfVbDM730VWSKfrNbMktAnsJs9qCehczk5mGnRps+H3ERkkeRyh8yQacuY2rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJA0IHi2RlFmLOzVfQ9AjF0n1G9lJ4HHXmdj+3DdXTE7bt8I1Gdb+Rcd7O+TXX+0COYGGuRBpeG+yW/BH5lU78Rccr+QhpQuLmU5C9tzpViSO0/Y3PpxOeAbKQnC1BRj25Ycra+iFMpaTeu/M+s+cXRfJ1dVqnzn5ncrvseOziP9IRhSvBbiv4CVi7Im4cqBpY17CtbFeE0RY9IC2YAjNDKqSNqlfB+Zr44JgoXMlxfpIElwdNmXSYt7qTMKhSDBdfNTEatIbmeHAFeIi0xx1UofRPHGSdaB2PdwSVpjyP0a9tUgJ1vC+zwKq+FsCcqlj4USztKuE9gIX3zK69ucch8=</X509Certificate>
        </X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.hackedu.com/saml2/idpresponse" index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">HackEDU, Inc.</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">HackEDU</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://hackedu.com</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
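
The following is an added example, not code from Security Journey or Ping Identity: a Python check that reads the SP metadata and compares it with the values entered on the IdP side. The keys of the `idp` dictionary are hypothetical names, and the embedded metadata is a trimmed copy of the file above.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Trimmed copy of the metadata on this page (KeyDescriptor, Organization and
# ContactPerson elements left out to keep the sample short).
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor entityID="urn:amazon:cognito:sp:us-east-1_CHi5tsM8X" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.hackedu.com/saml2/idpresponse" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Extract the fields an IdP administrator has to match from SP metadata."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD; refuse entity definitions
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    return {
        "entity_id": root.get("entityID"),
        "want_assertions_signed": sp.get("WantAssertionsSigned") in ("true", "1"),
        "name_id_formats": [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)],
        "acs": {(e.get("Binding"), e.get("Location"))
                for e in sp.findall("md:AssertionConsumerService", NS)},
    }

def check_idp_settings(sp, idp):
    """Return mismatches; `idp` keys are hypothetical names for IdP console values."""
    problems = []
    if idp["entity_id"] != sp["entity_id"]:
        problems.append("Entity ID differs from metadata (check for stray whitespace)")
    if (idp["acs_binding"], idp["acs_url"]) not in sp["acs"]:
        problems.append("ACS URL/binding pair is not listed in metadata")
    if not idp["acs_url"].startswith("https://"):
        problems.append("ACS URL is not HTTPS")
    if sp["want_assertions_signed"] and not idp["sign_assertion"]:
        problems.append("SP sets WantAssertionsSigned but assertion signing is off")
    return problems

if __name__ == "__main__":
    entered = {"entity_id": "urn:amazon:cognito:sp:us-east-1_CHi5tsM8X",
               "acs_url": "https://auth.hackedu.com/saml2/idpresponse",
               "acs_binding": POST, "sign_assertion": True}
    print(check_idp_settings(parse_sp_metadata(SP_METADATA), entered) or "settings match")
```
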


Upload Metadata File to HackEDU

Download the "Certificate" and "SAML Metadata" files and ensure that the attribute mapping Email is sent as the ApplicationUsername.
