Home
User Guides
Start typing to search…
  1. Manage Observe
  2. Manage users and access
  3. Configure single sign-on

Configure Ping Identity PingOne for SSO

Observe supports Ping Identity's PingOne as an Identity Provider (IdP) using Security Authentication Markup Language (SAML).

📘

Note

Use of stem names instead of Observe Customer IDs is not supported at this time.

Configure PingOne

  1. Log into your PingOne portal as the admin and choose Applications > Applications and select the + icon to add a new application.
  2. Fill out the Application Name and Description fields to indicate this is application is associated with your Observe tenant.
  3. If you would like to add the Observe icon, you can download it from here.
  4. For Application Type choose SAML Application and continue via the Configure button.
  5. Under the SAML Configuration section, select Manually Enter, then set the following URL for ACS URL and Entity ID. Replace ${OBSERVE_CUSTOMER_ID} with your Observe tenant ID, and ${REGION_URL} with the appropriate URL for your deployment region. See Observe deployment regions.
https://${OBSERVE_CUSTOMER_ID}.${REGION_URL}/auth/saml2/callback
  1. In the Overview tab copy the Initiate Single Sign-On URL value. This will be something similar to https://auth.pingone.com/${GUID}/saml20/idp/startsso?spEntityId=https://${OBSERVE_CUSTOMER_ID}.${REGION_URL} where ${GUID} is a value specific to your PingOne account, ${OBSERVE_CUSTOMER_ID} is your tenant ID, and ${REGION_URL} is your region URL, such as observeinc.com for US locations.
  1. Navigate to the Configuration tab, and under the Connection Details section, select Download Signing Certificate, and select the X509 PEM (.crt) option.

Attribute mapping

Navigate to the Attribute Mappings tab, set the following values and save them. Note that the Observe values are case sensitive:

ObservePingOne
saml_subjectEmail Address
emailEmail Address
firstNameGiven Name
lastNameFamily Name

Group membership attributes

Observe supports the sending of group membership claims via SAML. The field mapping for Group Names support is as follows.

ObservePingOne
groupsGroup Names

Configure Observe

Perform the following steps to configure Observe for Microsoft Entra ID SSO:

  1. In the left navigation rail, hover on your user name, then select Manage account.
  2. Click Customer settings.
  3. Click Add SAML.
  1. Paste the Initiate Single Sign-on URL from Configure PingOne into the Entry Point field.
  2. Open the X.509 certificate from Configure PingOne in a text editor. Copy the certificate details and paste them into the Cert field for Observe.
  3. Click Add SAML Provider.

Updated 8 days ago