Single Sign-On with PingOne
PingOne is a service providing single sign-on (SSO) for web and mobile applications.
As a CodeScan administrator, you can implement Security Assertion Markup Language (SAML) 2.0 SSO when your company uses PingOne. Users can then log in to CodeScan without providing their authentication credentials since their identity was previously validated when logging in to their PingOne session.
This procedure involves the following steps:
Enabling Single Sign-On in CodeScan
Adding CodeScan as an App in PingOne
Entering PingOne Identity Provider Data in CodeScan
Adding Attribute Mappings in PingOne
Testing the Single Sign-On Configuration
Step 1: Enabling Single Sign-On in CodeScan
Before configuring SSO in PingOne, you must enable SSO in CodeScan.
In CodeScan, click on the Profile icon on the right corner of the screen and select your organization (under My Organizations).
Go to Administration > SAML Connections.
Click on Create Connection.
In the Connection name field, enter the identity provider name as you want it to appear (use only Latin characters, without spaces or special characters). Example: PingOne-SAML
In the Corporate domain field, enter a valid domain name of the organization that can be authenticated in the Identity Provider. This property cannot be updated after SAML Connection creation. Example: for abc@autorabit.com, the corporate domain will be autorabit.com.
Keep the Enforce SSO checkbox unchecked for now. You can enable Enforce SSO later when your domain has been confirmed. Once enabled, only SSO authentication will be allowed for email addresses of your corporate domain.
Point to Note:
Enforcing SSO affects both login and signup. Existing Auth0 users won't be able to log in.
Signup with an email domain that is the same as the corporate domain won't be allowed.
If Enforce SSO is enabled prematurely, it will prevent all users in the organization from accessing CodeScan. Consider enforcing SSO only after admins have logged in to CodeScan using SSO.
Keep the SAML Connection status checkbox as Enabled and click on the Create button.
You will be able to see the Metadata URL generated for your SSO configuration. Keep the current page open while you continue to add the CodeScan app to PingOne.
Step 2: Adding CodeScan as an App in PingOne
Set up the PingOne application to provide necessary configuration information for CodeScan.
Log in to your PingOne Administrator account.
Select the Environment.
Go to the Connections tab and select Applications as a sub-tab.
In the Add Application section, enter CodeScan for the application name and give a short description.
Choose Application Type as SAML Application.
Click Configure.
In the SAML Configuration section, select the Import From URL option.
Enter the same Metadata URL that you generated inside CodeScan.
Click on the Import button. The metadata should be successfully imported, and you should see the parsed metadata values.
Click Save.
Step 3: Entering Identity Provider Data in CodeScan
Once the application is created, you will need to enter the identity provider data from PingOne into CodeScan.
In CodeScan, on the SAML page, go to Actions and click on Edit.
You will need to paste the mandatory/optional details below into CodeScan from PingOne Identity Provider.
Mandatory Settings:
Provider Entity ID
Sign In URL
X509 Signing Certificate
SAML user email attribute
SAML user name attribute
Optional Settings:
SAML user login attribute
SAML group attribute
In PingOne, go to the Configuration tab.
Copy the following values:
Issuer ID: Copy the Issuer ID value and paste it into Provider Entity Id inside CodeScan.
Single Signon Service: Copy the Single Signon Service value and paste it into Sign In URL inside CodeScan.
Click on the Edit icon in the top-right corner.
Click on Download Signing Certificate in X509 PEM (.crt) format and copy the content of the file (certificate) into the X509 Signing Certificate field of the CodeScan SAML connection.
Click Update on the CodeScan page.
The next step is to confirm your corporate domain to get SSO working. You can confirm the domain by raising a request to CodeScan Support.
Step 4: Adding Attribute Mappings in PingOne
It's necessary to sync attributes of IDP users with properties of CodeScan users.
In PingOne, go to the Attribute Mappings tab of your SAML Application and click on the Edit icon.
Add these attributes and map them to the corresponding PingOne properties:
CodeScan Attribute | PingOne Attribute | Required | Description |
---|---|---|---|
saml_subject | User ID | Yes | User ID is required by default in PingOne |
saml_username | Username | Yes | PingOne username will be used for newly created CodeScan users |
saml_email | Email Address | Yes | PingOne email will be copied to user profile in CodeScan |
saml_name | Formatted | Optional | PingOne formatted name will be copied to user profile in CodeScan |
saml_groups | Group Names | Optional | PingOne user groups will be automatically created in CodeScan Organization, and user will be added to these groups |
Click Save.
Enable the CodeScan app.
Step 5: Testing the Single Sign-On Configuration
Log out of the CodeScan Console, and then log back in using the Log in with SAML2 option.
Enter the domain name of your organization in the Your Company email field. For example: autorabit.com.
You should be successfully redirected to the CodeScan Organization page after authentication.
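If the test login fails, a common cause is an incomplete attribute mapping from Step 4. The following is an added diagnostic example, not CodeScan or PingOne code: it inspects a decoded SAML response (for instance, one captured with a browser SAML tracer) and reports missing required mappings, an Issuer that differs from the Provider Entity ID, and an email outside the corporate domain. It assumes that saml_subject arrives as the Subject NameID and the other mappings as Attribute elements named as in the table; the sample response and issuer value are constructed, and the script does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("saml_username", "saml_email")  # "Required: Yes" rows besides saml_subject

# Constructed sample: a decoded SAML response; issuer and user values are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.invalid/issuer</saml:Issuer>
    <saml:Subject><saml:NameID>user-0001</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="saml_username"><saml:AttributeValue>abc</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="saml_email"><saml:AttributeValue>abc@autorabit.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="saml_groups"><saml:AttributeValue>Developers</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_mappings(response_xml, corporate_domain, provider_entity_id):
    """Return a list of problems; an empty list means the mappings look complete."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (encrypted or failed response?)"]
    issuer = (assertion.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    name_id = (assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS) or "").strip()
    attrs = {
        a.get("Name"): [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
        for a in assertion.iterfind(".//saml:Attribute", NS)
    }
    problems = []
    if issuer != provider_entity_id:
        problems.append(f"Issuer {issuer!r} != Provider Entity ID {provider_entity_id!r}")
    if not name_id:
        problems.append("saml_subject missing (no Subject/NameID)")
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append(f"required attribute {name} missing or empty")
    for email in attrs.get("saml_email", []):
        if email and email.rpartition("@")[2].lower() != corporate_domain.lower():
            problems.append(f"saml_email {email!r} is outside corporate domain {corporate_domain}")
    return problems


if __name__ == "__main__":
    print(check_mappings(SAMPLE_RESPONSE, "autorabit.com", "https://idp.example.invalid/issuer"))
```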