Configure Single Sign-On using PingID with SAML

Product: Thinfinity Workspace
Version: 7 and above

PingID SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with PingID and securely access multiple applications. PingID generates SAML assertions that enable seamless authentication and authorization across integrated services, improving user experience and security.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using PingID SAML as the Identity Provider (IDP).

Prerequisites

  • PingID account with administrative access.
  • Thinfinity Workspace installed and accessible.

Configuring PingID

Create a PingID Application for Thinfinity Workspace

  • First, log into your PingID dashboard or create a new account if necessary.
  • Go to the Applications section and click Applications. Then, click the + (plus) button to add an application.

  • Now, provide an Application Name and Description, select SAML Application as the application type and then click Configure below.

  • On the next screen, select Manually Enter and fill out the fields below.
In the ACS URLs (Assertion Consumer Service URL) field, enter the public URL and port of your Thinfinity Workspace server, followed by the Virtual Path of the authentication method you configured in the Thinfinity Workspace Configuration Manager.
In the Entity ID field, enter the public URL and port of your Thinfinity Workspace server (https://[MythinfinityWebsite]:[Port]). This value must match the Service Identifier you set in Thinfinity Workspace exactly.
When finished, click Save.


  • Now select the gears icon in Protocol SAML.

  • Next, select Download Signing Certificate and choose the X509 PEM (.crt) format. You will need this certificate to configure Thinfinity Workspace.

Configure Attribute Mappings

  • Now, select the Attribute Mappings tab and then click the Edit button. 

 
  • For the saml_subject attribute, select Email Address in the PingOne Mappings dropdown list. When finished, click Save.

 
  • Now, select the Policies tab and then click the Edit button. 

  • Here, you can set which authentication policies are enabled for signing in. For testing purposes, enable Single Factor, then click Save.

Obtain PingID Client Information and Certificate

Now, click the Configuration tab and note down the Issuer ID and the Single Signon Service. These will be needed to configure SSO in Thinfinity Workspace.



Configuring Thinfinity

Set Up SSO on Thinfinity Workspace

  • Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > SAML.


Enter PingID SAML Details in Thinfinity Workspace

  • Here, name the method and enter the PingID SAML values you previously obtained from the PingID dashboard into the corresponding fields in the General tab of the Authentication Method Settings, as shown below:
    • Service Identifier = Audience URI (SP Entity ID) (https://[MythinfinityWebsite]:[Port]). This is the Entity ID you entered in PingID.
    • Service Certificate File = Path to your certificate’s file (this is your workspace's site certificate).
    • Service Certificate Password = Password for the certificate above.
    • Identification Entity ID = Identity Provider Issuer (the Issuer ID noted from the PingID Configuration tab).
    • Single Sign-On Service URL = Identity Provider Single Sign-On URL (the Single Signon Service value noted from the PingID Configuration tab).
    • Sign-Out URL = This value is optional.
    • Partner Certificate File = Path to the X.509 Certificate you previously downloaded from PingID.

Configure User Attributes

  • Define which user attributes from PingID will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the PingID user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.



Testing the SSO Integration

  • Finally, attempt to log in to Thinfinity Workspace and try the option Sign in with SAML.
Verify that you are redirected to the PingID login page and can authenticate successfully.
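
If the test login fails, the SAMLResponse form field posted to the ACS URL can be captured in the browser's developer tools and compared with the values configured above. The script below is an added example, not Thinfinity or PingID code. The hostnames, the `/saml-acs` virtual path, the issuer string and the sample response are constructed placeholders, and it checks field consistency only, not the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders for the values entered in PingID and Thinfinity.
CONFIG = {
    "entity_id": "https://workspace.example.com:443",         # Entity ID / Service Identifier
    "acs_url": "https://workspace.example.com:443/saml-acs",  # ACS URL: public URL + Virtual Path
    "issuer": "https://idp.example.test/issuer-placeholder",  # Issuer ID from the Configuration tab
    "auth_id_mask": "alice@example.com",                      # Authentication ID Mask entry
}

def sample_response(audience):
    """Build a constructed, base64-encoded SAMLResponse for offline testing."""
    xml = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
      <a:Assertion><a:Issuer>{CONFIG['issuer']}</a:Issuer><ds:Signature/>
        <a:Subject><a:NameID>alice@example.com</a:NameID>
          <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{CONFIG['acs_url']}"/>
          </a:SubjectConfirmation></a:Subject>
        <a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>
        </a:AudienceRestriction></a:Conditions>
      </a:Assertion></p:Response>"""
    return base64.b64encode(xml.encode()).decode()

def _text(root, path):
    node = root.find(path, NS)
    return (node.text or "").strip() if node is not None else None

def check_response(b64_response, cfg):
    """List mismatches between a SAMLResponse and the configured values."""
    root = ET.fromstring(base64.b64decode(b64_response))
    conf = root.find(".//a:SubjectConfirmationData", NS)
    observed = {
        "issuer": _text(root, "a:Assertion/a:Issuer"),
        "entity_id": _text(root, ".//a:Audience"),
        "acs_url": conf.get("Recipient") if conf is not None else None,
        "auth_id_mask": _text(root, ".//a:Subject/a:NameID"),
    }
    # Exact string comparison: a trailing slash or a missing port counts as a mismatch.
    problems = [f"{k}: expected {v!r}, assertion has {observed[k]!r}"
                for k, v in cfg.items() if observed[k] != v]
    if root.find(".//ds:Signature", NS) is None:
        problems.append("signature: no ds:Signature element found")
    return problems

if __name__ == "__main__":
    print(check_response(sample_response(CONFIG["entity_id"] + "/"), CONFIG))
```

The sample run reports an `entity_id` mismatch caused by a trailing slash on the audience, a common reason an otherwise valid assertion is rejected.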



By following these steps, you should be able to integrate PingID SAML as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.