SSO With Ping Identity (SAML)

Last modified on January 9, 2024


This guide provides step-by-step instructions on how to configure single sign-on (SSO) with Ping Identity using the Security Assertion Markup Language (SAML) 2.0 authentication standard.


To get started, make sure the following conditions are met:

  • In Ping Identity, you must have elevated privileges or be an administrator with the ability to manage application settings.
  • In StrongDM, your permission level must be set to Administrator.
  • Ensure you have a unique identifier for users. Only email address is currently supported.


Begin to configure StrongDM

  1. In the StrongDM Admin UI, go to Settings > User Management.
  2. Click the Lock icon to make changes.
  3. Click Yes to enable single sign-on.
  4. Select Ping Identity (SAML) from the Provider dropdown menu.
User Management Configure Ping Identity (SAML)
User Management Configure Ping Identity (SAML)
  1. From the Configure Ping Identity section, copy the StrongDM Metadata URL. This URL is necessary when you configure your Ping Identity SAML application.
Copy the StrongDM Metadata URL
Copy the StrongDM Metadata URL

Create a new Ping Identity SAML application

  1. In the PingOne admin console, select the appropriate environment and navigate to Connections > Applications.
  2. Click the Plus icon, select the SAML Application type, and name the new application.
  3. From the SAML Configuration section, select Import from URL.
    • Paste the StrongDM Metadata URL in the Import URL field.
    • Click Import.
  4. From the Configuration tab, copy the IDP Metadata URL.
  5. Go back to the Admin UI. In the Add SAML metadata section, paste the IDP Metadata URL in the Metadata URL field.
Paste the IDP Metadata URL
Paste the IDP Metadata URL

Map attributes and turn on the app

  1. In the Admin UI, copy the email URN from section Map attributes and go back to the PingOne admin console.
Copy the StrongDM Attribute
Copy the StrongDM Attribute
  1. From the Attribute Mappings tab, add an attribute mapping.
  2. In the column with your app’s name (on the left), paste the email URN in the field. In the PingOne column, enter Email Address in the corresponding field.
  3. When you are finished configuring the required and desired settings, save your progress and set the app to On.

Configure other StrongDM settings

In the Admin UI, configure the remaining settings (for example, Allow password login for admins?). If you wish to allow users to log in via a link from Ping Identity, enable IDP Initiated login. Click Save when you are finished.

Configure the Remaining Settings
Configure the Remaining Settings