PingIdentity provides enterprise access management solutions. This article will walk you through how to set up SAML Single Sign-on to Oktopost with PingIdentity as the identity provider.
How to configure PingIdentity
First, you need to set up a new custom application on PingIdentity for Oktopost.
On PingIdentity, enter the application name (Oktopost) and settings as follows:
| Field | Value |
| ACS URLs | https://app.oktopost.com/auth/acs |
| Entity ID | https://app.oktopost.com |
| Subject Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
If your Oktopost account is hosted in the EU, (ie: if you log in to Oktopost and see
eu-app.oktopost.com for its URL), adjust the ACS URLs and Entity ID fields to include
eu-app.oktopost.com
Next, on Attribute Mapping, set the Email Address as the SAML Subject.
All other configurations should be based on the default.
Save the new application, enable it, and assign the relevant users and groups.
Configure Oktopost
Once your PingIdentity app is configured, log in to Oktopost and head over to Single Sign-On, under App Settings.
Change the "Enabled" select box to Yes.
Copy the SINGLE SIGNON SERVICE from PingIdentity and paste it to Oktopost, under SAML Endpoint.
Copy the ISSUER ID from PingIdentity and paste it to Oktopost, under Issuer URL.
Download the signing key from PingIdentity and upload it to Oktopost under X.509 Certificate.
Save the Configuration in Oktopost, and you're done.
To test the configurations, sign out of Oktopost, log in to your PingOne account, and try logging in.