Skip to main content
All CollectionsSupplyPikeFrequently Asked Questions
Enterprise SSO - PingFederate SAML
Enterprise SSO - PingFederate SAML

Learn how to set up PingFederate as your SupplyPike IdP

Support avatar
Written by Support
Updated over 3 months ago

Plan: Enterprise

Related:

Quick Setup

Download configuration metadata XML file from

https://auth.supplypike.com/samlp/metadata?connection={connectionName}.

{connectionName} will be provided to you by your SupplyPike support rep.

The metadata file contains the following values which you can use to configure your PingFederate server as an IdP for SupplyPike:

  • EntityID: urn:auth0:supplypike:{connectionName}

  • Assertion Consumer Service URL: https://auth.supplypike.com/login/callback?connection={connectionName}

  • Logout URL (HTTP-Redirect and HTTP-POST): https://auth.supplypike.com/logout

  • Digital signature: Certificate Signing Request is provided under the <ds:X509Certificate> key or you can download the PEM version here.

Detailed Setup

Your company's setup may differ, but below are the general steps needed to set up a new SSO app in a PingFederate server.

  1. Sign on to your PingFederated account and select Create New from the Service Provider (SP) Connections section.

  2. Configure the SP Connection.

    • Select the Browser SSO Profiles as the Connection Type.

    • Select Browser SSO as the Connection Options.

  3. Upload the metadata XML file that you downloaded above. The Entity ID, Connection Name, and the Base URL will be automatically populated based on the information from the metadata file.

  4. Configure Browser SSO.

    • Select SP-Initiated SSO and SP-Initiated SLO in SAML Profiles.

    • Go to the Assertion Creation section and click Configure Assertion. Accept all defaults for the next two screens.

  5. Go to the IdP Adapter Mapping section. This is where users will be authenticated. Likely, you already have one configured in your PingFederate installation. Select one, or add a new one. SupplyPike only requires the NameIdentifier claim. All other attributes will be passed further to the end application.

  6. Configure Protocol Settings. Values for Protocol Settings are imported from the metadata file. Next, you will see the Assertion Consumer Service URL and the Sign-Out URLs. Click Next to the Allowable SAML Bindings section.

  7. Leave POST and Redirect enabled. Make sure SAML Assertion is always signed.

  8. Configure Credentials. On Digital Signature Settings, select your signing certificate and make sure you check the option to include it in the <KeyInfo> element.

  9. Configure the certificate used to sign incoming requests. You can download the SupplyPike certificate (use https://auth.supplypike.com/pem) and upload it here.

  10. Review your settings and set them as Active or Inactive.

  11. Click Save at the bottom of the screen. You should see the new SP Connection on the Main screen.

Did this answer your question?