Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Single Sign-on for Ping Identity

Step-by-step guide to setting up Ping Identity as your SAML SSO provider for Security Journey.

Ping Identity

This article explains how to configure SAML SSO between Ping Identity (IdP) and Security Journey (Service Provider). All SSO communication uses TLS/SSL

Prerequisites

  • Admin access to Security Journey

  • Access to Ping Identity to create a SAML application

  • Ability to map Email in SAML claims

Step 1: Create a New SAML Application in Ping Identity

  1. Log in to Ping Identity.

  2. Go to ApplicationsAdd Application.

  3. Select New SAML Application.

  4. Choose SP Initiated SSO.

Step 2: Configure the SP Connection

Use the following values in Ping:

  • Entity ID: urn:amazon:cognito:sp:us-east-1_CHi5tsM8X 

  • Base URL: https://my.securityjourney.com/login/?domain=custommerdomain.com

Note: Replace custommerdomain.com with your company domain

Step 3: Enable SP-Initiated Browser SSO

In Ping Identity SAML Profiles, confirm that:

  • SP-Initiated SSO is enabled

Step 4: Configure Assertion Creation / Attribute Settings

In the attribute contract settings, ensure:

  • Name ID Format:
    urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified 

  • ApplicationUsername attribute set to:
    urn:oasis:names:tc:SAML:2.0:attrname-format:basic

 

Important: Your Email field must be mapped and sent as the ApplicationUsername.

Step 5: Configure Protocol Settings

Set the Assertion Consumer Service (ACS) URL endpoint to:

  • https://auth.hackedu.com/saml2/idpresponse (POST) 

Step 6: Export Metadata and Upload to Security Journey

  1. From Ping Identity, download the:

    • SAML Metadata

  2. In Security Journey, upload your metadata file:

    • Go to Admin → Settings

  3. Confirm that Email is mapped and sent as ApplicationUsername

Need to Map More Than Email?

Security Journey supports mapping additional learner attributes via SSO. EmailAddress is the only required field. 

Metadata File (For Reference)

<?xml version="1.0"?>
<md:EntityDescriptor entityID="urn:amazon:cognito:sp:us-east-1_CHi5tsM8X" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIICvDCCAaSgAwIBAgIIF7E0eYsy6vowDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UEAwwTdXMtZWFzdC0xX0NIaTV0c004WDAeFw0yMDAyMTExNzAzNTJaFw0zMDAyMTExNzAzNTJaMB4xHDAaBgNVBAMME3VzLWVhc3QtMV9DSGk1dHNNOFgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZjreEolViBOYRCxE5SaNHLk0EbSQ3ndVXrhtqmF5fG84JP8hQmAIdCBBtDu44vhyzv1a/a53w4CiccYw8D79rV9gX46vX4/hdqVTgXD/BEtWJwlkUZrgT3vXcXPj3Je83nbtEzxeijvRNU+YDxIw7IzEtZNi7oxoL63YSfnsTe5BNwaZ4nLH5DpwESxAk8nflp2IQIfLOOXWQncBHOeTpOKI5dZfF/8WYLk5if785dPKCjQyTihgyMzcKERhq2mDm9vjzuLHKp05dgQ8eH30oXd1fKfVbDM730VWSKfrNbMktAnsJs9qCehczk5mGnRps+H3ERkkeRyh8yQacuY2rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJA0IHi2RlFmLOzVfQ9AjF0n1G9lJ4HHXmdj+3DdXTE7bt8I1Gdb+Rcd7O+TXX+0COYGGuRBpeG+yW/BH5lU78Rccr+QhpQuLmU5C9tzpViSO0/Y3PpxOeAbKQnC1BRj25Ycra+iFMpaTeu/M+s+cXRfJ1dVqnzn5ncrvseOziP9IRhSvBbiv4CVi7Im4cqBpY17CtbFeE0RY9IC2YAjNDKqSNqlfB+Zr44JgoXMlxfpIElwdNmXSYt7qTMKhSDBdfNTEatIbmeHAFeIi0xx1UofRPHGSdaB2PdwSVpjyP0a9tUgJ1vC+zwKq+FsCcqlj4USztKuE9gIX3zK69ucch8=</X509Certificate>
        </X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.hackedu.com/saml2/idpresponse" index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">HackEDU, Inc.</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">HackEDU</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://hackedu.com</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>