PingOne is a service providing single sign-on (SSO) for web and mobile applications.
As a CodeScan administrator, you can implement Security Assertion Markup Language (SAML) 2.0 SSO when your company uses PingOne. Users can then log in to CodeScan without providing their authentication credentials since their identity was previously validated when logging in to their PingOne session.
This procedure involves the following steps:
- Enabling Single Sign-On in CodeScan
- Adding CodeScan as an App in PingOne
- Entering PingOne Identity Provider Data in CodeScan
- (Optional) Adding Attribute Mappings in PingOne
- Testing the Single Sign-On Configuration
Step 1: Enabling Single Sign-On in CodeScan
Before configuring SSO in PingOne, you must enable SSO in CodeScan.
In CodeScan, click on the Profile icon on the right corner of the screen and select your organization (under My Organizations).
Go to Administration > SAML Connections.
Click on Create Connection.
In the Connection name field, enter the identity provider name as you want it to appear (use only Latin characters, without spaces or special characters).
In the Corporate domain field, enter a valid domain name of your organization that can be authenticated by the Identity Provider. This property cannot be updated after the SAML Connection is created.
Example: In case of email@example.com, the corporate domain will be
Confirmation of your corporate domain is mandatory to get SSO working. You can confirm the domain via CodeScan Support.
- Select the Enabled checkbox to enforce SSO. When enabled, only SSO authentication will be allowed for email addresses of your corporate domain.
- Enforcing SSO affects both login and signup. Existing Auth0 users won't be able to log in.
- Signup with an email domain that is the same as the corporate domain won't be allowed.
Keep the SAML Connection status checkbox as Enabled and click the Create button.
You will be able to see the Metadata URL generated for your SSO configuration. Keep the current page open while you continue to add the CodeScan app to PingOne.
Step 2: Adding CodeScan as an App in PingOne
Set up the PingOne application to provide necessary configuration information for CodeScan.
- Log in to your PingOne Administrator account.
- Select the Environment.
- Go to the Connections tab and select Applications as a sub-tab.
- Click on the icon beside Applications to add a new app.
- In the Add Application section:
  a. Enter CodeScan for the application name and give a short description.
  b. Choose Application Type as SAML Application.
- Click Configure.
- In the SAML Configuration section, select the Import From URL option.
- Enter the Metadata URL that was generated in CodeScan.
- Click on the Import button. The metadata should be successfully imported, and you should see the parsed metadata values.
- Click Save.
Step 3: Entering Identity Provider Data in CodeScan
Once the application is created, you will need to enter the identity provider data from PingOne into CodeScan.
In CodeScan, on the SAML page, go to Actions and click on Edit.
Paste the following mandatory and optional details from the PingOne identity provider into CodeScan.
- Mandatory Settings:
  - Provider Entity ID
  - Sign In URL
  - X509 Signing Certificate
- Optional Settings:
  - SAML user login attribute
  - SAML user name attribute
  - SAML user email attribute
  - SAML group attribute
In PingOne, go to the Configuration tab.
Copy the following values:
- Issuer ID: Copy the Issuer ID value and paste it into Provider Entity ID in CodeScan.
- Single Signon Service: Copy the Single Signon Service value and paste it into Sign In URL in CodeScan.
Click on the Edit icon in the top-right corner.
Click on Download Signing Certificate in X509 PEM (.crt) format and copy the content of the file (the certificate) into the X509 Signing Certificate field of the CodeScan SAML connection.
Click Update on the CodeScan page.
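A pre-flight check for the three mandatory values above, as an added example (not CodeScan or PingOne code). It flags a non-HTTPS Sign In URL, a pasted private key or extra PEM blocks, and returns the certificate's SHA-256 fingerprint so it can be recorded and compared when the certificate is rotated. The function names and sample values are hypothetical.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def cert_fingerprint(pem_text):
    """Return (sha256_hex or None, problems) for the pasted signing certificate."""
    blocks = PEM_BLOCK.findall(pem_text)
    problems = []
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key; paste only the certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
        return None, problems
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate body is not valid base64")
        return None, problems
    if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE tag
        problems.append("decoded data is not DER (no SEQUENCE tag)")
    return hashlib.sha256(der).hexdigest(), problems

def check_idp_values(entity_id, sign_in_url, pem_text):
    """Validate Provider Entity ID, Sign In URL and certificate before Update."""
    problems = []
    if not entity_id or entity_id != entity_id.strip() or " " in entity_id:
        problems.append("Provider Entity ID is empty or contains whitespace")
    url = urlsplit(sign_in_url)
    if url.scheme != "https" or not url.hostname:
        problems.append("Sign In URL must be an absolute https:// URL")
    fingerprint, cert_problems = cert_fingerprint(pem_text)
    return fingerprint, problems + cert_problems

# Constructed sample values (placeholders, not real PingOne data).
SAMPLE_DER = b"\x30\x03\x02\x01\x01"  # stand-in bytes, not a real certificate
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_idp_values("https://idp.example.test/issuer",
                           "https://idp.example.test/sso", SAMPLE_PEM))
```

The DER check only confirms the outer ASN.1 tag; validity dates and key strength still need a full X.509 parser.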
Step 4: (Optional) Adding Attribute Mappings in PingOne
It’s possible to sync attributes of IdP users with properties of CodeScan users.
- In PingOne, go to the Attribute Mappings tab of your SAML Application and click on the Edit icon.
- Add these four attributes and map them to the corresponding PingOne properties:

| CodeScan Attribute | PingOne Attribute | Required | Description |
|---|---|---|---|
| saml_subject | User ID | Yes | User ID is required by default in PingOne |
| saml_username | Username | Optional | PingOne username will be used for newly created CodeScan users |
| saml_email | Email Address | Optional | PingOne email will be copied to the user profile in CodeScan |
| saml_name | Formatted | Optional | PingOne formatted name will be copied to the user profile in CodeScan |
| saml_groups | Group Names | Optional | PingOne user groups will be automatically created in the CodeScan Organization, and the user will be added to these groups |

3. Click Save.
4. Enable the
Step 5: Testing the Single Sign-On Configuration
Log out of the CodeScan Console, and then log back in using the Log in with SAML2 option.
Enter the domain name of your organization in the Your Company email field. For example: autorabit.com.
You should be redirected to the CodeScan Organization page after successful authentication.