Introduction
This is an overview guide on how to implement SSO (Single Sign-On) with Claromentis and Ping Identity.
Prerequisites
- Claromentis 9+ with Login Handler Module version 4+
- PingOne SSO Services
- Ping Identity Administrator Access
Ping Identity
📙 Ping Documentation:
Step 1: Configure Ping Identity for single sign-on (SSO)
1. Navigate to the Ping Administrator Console
2. Under Environments, Create Environment > Customer Solution Environment
4. In Environment Name, enter a name that easily identifies the Claromentis system, for example:
Claromentis Intranet SSO
5. Add Description and details as required.
6. Select "Manage Environments" then navigate to Applications
7. Under Application Type select "SAML Application"
8. Click Configure
9. Under SAML Configuration, select Import Metadata
You will need a metadata file from Claromentis, which you can obtain by following these steps:
In the browser, navigate to:
https://{yoursystemurl}/custom/loginhandler/simplesaml/www/module.php/saml/sp/metadata.php/claromentis
Replace {yoursystemurl} with your system address, for example companyname.myintranet.com
Username: admin
Password: reveal the value in Auth Admin Password (only visible to administrators) and enter it
8. Download the Metadata configuration from Ping under Connection Details, as this will be required for the Claromentis Login Handler Admin Panel
9. Take a copy of the Issuer ID, as this will be used for IDP Identifier under IDP Configuration in Claromentis
10. Attributes Mapping
Here is an example of Attribute Mapping between Claromentis and Ping:
Claromentis
Step 2: Configure SSO in Claromentis
Navigate to Admin → Custom Login handler → SSO Configuration
1. Select Identity Provider "Ping"
2. Upload Federation Metadata XML (you will need the XML from Ping under Connection Details)
3. Populate Security Configuration
4. IDP Identifier: this should be populated from the XML
5. Entity ID: you will need to copy this to the Ping configuration
6. Name ID Policy: Unspecified
7. Save Options
Testing & Troubleshooting