Once the Bitsight SAML app has been configured via PingOne, use the following instructions to set up single sign-on (SSO) in the PingOne application:
- Select the “RSA_SHA256” signing algorithm option or higher.
- Configure your connection.
The default ACS URL, Entity ID, Single Logout Endpoint, and Single Logout Response Endpoint are preconfigured. They do not need to be changed for the application to work.
- Customize your PingOne dock URL.
- Map the appropriate user attributes with fields. See the default SAML metadata attributes.
Important: You must individually set the format:uri for the First Name, Last Name, and Email fields.
- Select the “Advanced” option for each field.
- In the pop-up that follows, click in the “NameFormat” box.
- Select the “urn:oasis:names:tc:SAML:2.0:attrname-format:uri” option.
- Assign the “SAML_SUBJECT” option, unless your company has specific mappings. Do not specify any advanced “NameFormat” for it.
- Select Save & Publish.
- Review the setup.
SSO is typically handled directly through the PingOne platform, so you may wish to bookmark the “Initiate Single Sign-On (SSO)” URL.
- Download the SAML Metadata for your configured Bitsight Application.
- Take note of your SAML login URL shown in the SAML page.
- Check the Enable SAML for the account checkbox.
- Log in to Bitsight using SAML from PingOne. You may use the PingOne SSO URL, the PingOne portal, or the Bitsight-provided SAML login URL to initiate your first SAML-based login.
After your initial successful login, SAML is enabled company-wide for any other Bitsight user accounts.
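To confirm that the signing algorithm and NameFormat settings from the steps above took effect, the following added example (not Bitsight or PingOne code) audits a decoded SAML assertion captured from your own test login. The sample XML and the attribute name `urn:example:email` are constructed for illustration; the script inspects the declared algorithm only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
# XML-DSig algorithm URIs for RSA with SHA-256 or stronger
ACCEPTED_SIG = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}

def audit_assertion(xml_text):
    """Return a list of findings; an empty list means both checks passed."""
    root = ET.fromstring(xml_text)
    findings = []
    methods = root.findall(".//ds:SignatureMethod", NS)
    if not methods:
        findings.append("no ds:SignatureMethod found (assertion unsigned?)")
    for method in methods:
        alg = method.get("Algorithm", "")
        if alg not in ACCEPTED_SIG:
            findings.append(f"signature algorithm below RSA_SHA256: {alg}")
    # Every mapped attribute should carry the URI NameFormat; the subject
    # travels in NameID, which has no NameFormat and is not checked here.
    for attr in root.findall(".//saml:Attribute", NS):
        fmt = attr.get("NameFormat")
        if fmt != URI_FORMAT:
            findings.append(f"attribute {attr.get('Name')!r} has NameFormat {fmt!r}")
    return findings

def constructed_sample(sig_alg, name_format):
    """Constructed, truncated assertion (no real signature value or user data)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
  </ds:SignedInfo></ds:Signature>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:email" NameFormat="{name_format}">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    weak = constructed_sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                              "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
    for finding in audit_assertion(weak):
        print("FINDING:", finding)
```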
- November 18, 2019: Published.