Ping Identity is an SSO Provider that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Ping Identity as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Security Journey as the Service Provider (SP).
All SSO communication takes place over TLS/SSL.
Configuring Ping Identity
The first thing you need to do is log in to your Ping Identity account and add Security Journey to your application.
To add the Security Journey app, click "Applications", then "Add Application", then "New SAML Application", and select "SP Initiated SSO".
Use the settings found below. You will need to map your email address field in the SAML claims as well.
SP Connection
Entity ID: urn:amazon:cognito:sp:us-east-1_CHi5tsM8X
Base URL: https://app.hackedu.com/login?domain=YOUR_DOMAIN.COM

Browser SSO
It is important that SP-Initiated SSO is enabled under SAML Profiles.

Assertion Creation
For attribute contracts, make sure the Name ID Format is: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
And the ApplicationUsername attribute is set to urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Protocol Settings
Assertion Consumer Service URL Endpoint: https://auth.hackedu.com/saml2/idpresponse (POST)

Metadata File (For Reference)
<?xml version="1.0"?>
<md:EntityDescriptor entityID="urn:amazon:cognito:sp:us-east-1_CHi5tsM8X" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate></X509Certificate>
        </X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.hackedu.com/saml2/idpresponse" index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">HackEDU, Inc.</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">HackEDU</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://hackedu.com</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
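The following is an added example, not part of the original documentation or the vendor's tooling: a small Python check that the SP metadata agrees with the Entity ID and Assertion Consumer Service URL entered in Ping Identity, that the SP requires signed assertions, and that the ACS endpoint is HTTPS. The function name, the EXPECTED dictionary and the trimmed SAMPLE document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# SP values entered in the IdP, copied from this page.
EXPECTED = {
    "entity_id": "urn:amazon:cognito:sp:us-east-1_CHi5tsM8X",
    "acs_url": "https://auth.hackedu.com/saml2/idpresponse",
}

# Constructed sample: the page's metadata trimmed to the fields checked here.
SAMPLE = """<?xml version="1.0"?>
<md:EntityDescriptor entityID="urn:amazon:cognito:sp:us-east-1_CHi5tsM8X" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.hackedu.com/saml2/idpresponse" index="1"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected):
    """Return a list of problems; an empty list means the metadata matches."""
    # Metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("entityID") != expected["entity_id"]:
        problems.append("entityID mismatch: %r" % root.get("entityID"))
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("SP does not require signed assertions")
    acs = [(e.get("Binding"), e.get("Location") or "")
           for e in sp.findall("md:AssertionConsumerService", NS)]
    if (HTTP_POST, expected["acs_url"]) not in acs:
        problems.append("ACS URL/binding mismatch: %r" % acs)
    problems += ["ACS endpoint is not HTTPS: " + loc
                 for _, loc in acs if not loc.lower().startswith("https://")]
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE, EXPECTED) or "metadata matches IdP settings")
```

Run it against the metadata file you actually received before saving the connection; any returned line names the setting to recheck.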
Automatically Sync Teams to HackEDU (optional)
If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.
Upload Metadata File to HackEDU
Download the "Certificate" and "SAML Metadata" file and ensure that the attribute mapping Email is sent as the ApplicationUsername.