# SSO For PingFederate

**PingFederate** is a federation server offering identity management, web SSO, and API security. It supports identity standards such as SAML, WS-Federation, OAuth, and OpenID Connect, allowing users to securely access applications with a single identity.

***

## Setting up SSO Using PingFederate

### Step 1: Create an SP Connection in PingFederate

1. Log in to PingFederate.
2. Navigate to **Identity Provider > SP Connections > Create New**.
3. Select **Browser SSO Profiles** on the **Connection Type** page and click **Next**.
4. Select **Browser SSO** on the **Connection Options** page and click **Next**.
5. On the **Import Metadata** tab:
   * Choose **File**.
   * Upload the SSO metadata file.
   * Click **Next**.
6. Provide the following:
   * **Entity ID** (subdomain with https\://)
   * **Connection Name**
   * **Base URL** (SAML Endpoint URL)
   * Click **Next**.
7. Click **Configure Browser SSO**.
8. Select **IdP-Initiated SSO** and **SP-Initiated SSO**, then click **Next**.
9. Enter **Assertion Lifetime**, then click **Next**.
10. Click **Configure Assertion Creation**.
11. Choose **Standard Identity Mapping**, then click **Next**.
12. Configure:
    * **Subject Name Format**: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
    * **Attribute Name Format** for Email: `urn:oasis:names:tc:SAML:2.0:attrname-format:basic`
13. Click **Next**.
14. Click **Map New Adapter Instance**.
15. Select an **Adapter Instance**, click **Next**.
16. Select **Mapping Method**.
17. Click **Add Attribute Source**.
18. Enter attribute store details and click **Next**.
19. Configure LDAP Directory Search and click **Next**.
20. Set **Attribute Encoding Type** to **Base64** for Mail.
21. Select appropriate filters.
22. Attribute Contract Fulfillment:
    * **Email**: Source: LDAP, Value: mail
    * **SAML\_SUBJECT**: Source: LDAP, Value: Subject DN
23. Click **Next** and review Attribute Source summary.
24. Leave next screen default settings.
25. Select **SEND USER TO SP USING DEFAULT LIST OF ATTRIBUTES**.
26. Attribute Contract Fulfillment:
    * **Email**: Source: Adapter, Value: mail
    * **SAML\_SUBJECT**: Source: Adapter, Value: username
27. Click through summary and defaults until **Configure Protocol Settings**.
28. Enter protocol settings.
29. Select SAML bindings and set **Artifact lifetime** to 60 seconds.
30. Enter remote party URL: e.g., `https://pg.autorabit.com/saml/SSO`
31. Select **Always Sign Assertion**, set encryption policy to **None**, then click **Next**.
32. Complete remaining steps, keeping default values unless specified.
33. Under **Configure Credentials**, select:
    * **HTTP BASIC**
    * **Validate partner SSL certificate**
34. Provide **Username** and **Password** for SOAP authentication.
35. Repeat for **Receive from your partner** section with similar settings.
36. Choose signing key/certificates.
37. Complete SP connection configuration and export metadata XML:
    * **Identity Provider > Manage All > Select Action > Export Metadata**

***

### Step 2: Configure SSO in AutoRABIT

1. Log in to AutoRABIT.
2. Navigate to **Admin > My Account**.
3. Scroll to the **SSO Configuration** section.
4. Upload the previously downloaded metadata XML.
5. Log out, return to the login page, and click **Single Sign On**.
6. Enter domain and click **Go**.
7. You’ll be redirected to your domain's SSO login screen. Enter PingFederate credentials.

***

Once completed, users will authenticate via PingFederate to access AutoRABIT through secure, federated SSO.