Overview: This article provides a walkthrough for configuration Ping Identity as an identity provider for Tenfold.
1. If not already completed, configure your Identity Repository in Setup.
Note: If you are creating a PingOne Directory you may have to add users to the directory & set the default password.
2. Log in to PingOne as a user with administrator privileges and navigate to Applications > My Applications.
3. Click Add Application and select “New SAML Application”
4. Fill in the Application Details section and click Continue to Next Step.
5. Click Continue to Next Step.
6. On the Application Configuration page, provide the SAML configuration details for the application.
A- Enter the ACS URL and Entity ID.
ACS URL: https://dashboard.tenfold.com/corporate-login/callback
Entity ID: sso.tenfold.com
B- SAML Metadata. Click Download to retrieve the SAML metadata for PingOne.
C- Upload Metadata. Click Choose File to upload the application’s metadata file.
7. Select I have the SAML configuration.
SSO Attribute mapping:-
Modify or add any attribute mappings as necessary for the application, then continue to the next step. When you’ve finished modifying or adding any additional attributes, click Continue to Next Step. The Add Groups page is displayed & you can configure the ways 2 ways in which you can login.
8. Click Save & Publish. The Review Setup window is displayed.
9. Configuring SSO in Tenfold Dashboard
In Tenfold dashboard, navigate to Feature-> Single Sign ON. Set the domain to the value which you want your users to enter when logging in to Tenfold and upload the metadata XML file which was generated in step #6. Click save at the bottom of the page
10. You are ready to use Ping ID to authenticate to Tenfold. The below gif demonstrates the login flow using Ping ID using multi-factor authentication.
When performing an Service Provider Initiated (SP-Init) Single Sign-On (SSO) the following error displays and SSO fails.
Error:- SAML_215: Sorry, we’re unable to fulfill the requested NameID format.
1. Login to PingOne for Enterprise account.
2. Navigate to Applications > My Applications.
3. Click the application in the table where you are configuring SSO.
4. Click Edit and Continue to Next Step twice.
5. (Skip this step if SAML_SUBJECT attribute exists) Click Add new attribute at “3. Attribute Mapping” page and enter SAML_SUBJECT for Application Attribute column and map an appropriate attribute to it.
6. Click Advanced for SAML_SUBJECT attribute and enter the values seen in the screenshot below.
7. Click Save & Publish.
8. Click Finish.
For Enterprise Organization (having different sites at a different location), we should need to have different Entity ID for each tenant. So for that, we simply need to enable – “Use new Service Provider Entity ID format” in Tenfold dashboard & hit Save button.
Then only we will be able to concatenate the Tenant Org ID with the Entity ID (ie sso.tenfold.com/org id).