icon-unified.svg
Experience Center

Configuration Guide for Ping Identity PingOne

This guide provides information on how to set up Ping Identity PingOne as an IdP for Private Applications.

Prerequisites

Ensure that you have the following:

  • A Ping Identity PingOne account with admin privileges
  • A Private Applications account with an administrator role that allows you to add an IdP Configuration

Configuring PingOne for SSO

To configure PingOne as the IdP for Private Applications user and admin SSO:

  1. Log in to the PingOne portal as an administrator and select Applications.
  2. In the My Applications tab, click Add Application.

  1. Select Search Application Catalog from the drop-down menu.

  1. In the search toolbar, search for "Zscaler Private Access". If you are:
  • Configuring the IdP for Private Applications user SSO, click the Zscaler Private Access 2.0 application.
  • Configuring the IdP for Private Applications admin SSO, click the Zscaler Private Access Administrator 2.0 application.

The following steps are identical for both applications.

  1. Click Setup to configure the Private Applications application.

  1. For SSO Instructions, click Continue to Next Step.

  1. For Connection Configuration:
    1. Log into the Admin Portal, complete step 2 of the new IdP configuration procedure. During this procedure, you must click Download Metadata. You can then Pause the configuration.
    2. Go back to the PingOne portal, for Upload Metadata, click Select File.
    3. Navigate to and upload the SP metadata file you downloaded previously.

The ACS URL and Entity ID fields will automatically be populated with the proper Service Provider URL and Service Provider Entity ID information, respectively. Also, the Primary Verification Certificate will have the proper certificate file (.cer) applied. The SP URL, Entity ID, and certificate provided are specific to your IdP.

  1. Click Continue to Next Step.
  2. For Attribute Mapping, map the identity bridge attributes to the attributes required by Private Applications, then click Continue to Next Step.

  1. For PingOne App Customization, enter the Name and Description for Private Applications, then click Continue to Next Step.

  1. For Group Access, add user groups for Private Applications as needed, then click Continue to Next Step.

  1. For Review Setup:
    1. Scroll down to SAML Metadata and click Download to export the IdP metadata file.

  1. Review the Identity Bridge Attribute fields, then click Finish.

After you have configured Private Applications, it appears in your My Applications list.

  1. Go to the Admin Portal and complete the IdP configuration set up.

For PingOne, the IdP metadata file you upload to the Admin Portal will populate the Name, Single Sign-On URL, and IdP Entity ID fields. ZPA (SP) SAML Request is set to Signed and the IdP Certificate is uploaded automatically.

After configuring your IdP, be sure to verify the configuration.

Related Articles
Configuration Guide for Gemalto SafeNet Authentication ManagerConfiguration Guide for Microsoft ADFS 2.0 and 3.0Configuration Guide for Microsoft Azure ADConfiguration Guide for OktaConfiguration Guide for OneloginConfiguration Guide for Ping Identity PingOne