Publication Date – November 18, 2019
Once the Bitsight SAML app has been configured via PingOne, use the following instructions to set up single sign-on (SSO) in the PingOne application:
- Signing Algorithm: Select the “RSA_SHA256” signing algorithm option or higher.
- Configure Your Connection: The default ACS URL, Entity ID, Single Logout Endpoint, and Single Logout Response Endpoint are preconfigured. They do not need to be changed for the application to work.
- Default PingOne Dock URL: Customize your PingOne dock URL, as needed.
- Attribute Mapping: Map the appropriate user attributes to the fields. The default Bitsight values are shown in SAML Metadata Attributes. Assign the “SAML_SUBJECT” option, unless your company has specific mappings. Do not specify any advanced “NameFormat” for it.
  Important: You will need to individually set format:uri for the First Name, Last Name, and Email fields. Select the “Advanced” option for each field. In the pop-up that follows, click in the “NameFormat” box and select the “urn:oasis:names:tc:SAML:2.0:attrname-format:uri” option.
- PingOne App Customization - Bitsight: Click Save & Publish.
- Review Setup: You may wish to bookmark your “Initiate Single Sign-On (SSO)” URL, although SSO is typically handled directly through the PingOne platform.
- Download the SAML Metadata for your configured Bitsight Application.
- Configure Your Bitsight Organization for SAML Access:
  - Log in to the Bitsight platform with your administrative account.
  - Paste the contents of the SAML metadata that was downloaded from PingOne into the text box.
  - Take note of your SAML login URL, shown in the SAML page.
  - Check the “Enable SAML for the account” checkbox.
- Log in to Bitsight using SAML from PingOne. You may use the PingOne SSO URL, the PingOne portal, or the Bitsight-provided SAML login URL to initiate your first SAML-based login.
Once your login is successful, SAML will be enabled company-wide for any other Bitsight user accounts.
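
To confirm that the signing algorithm and NameFormat settings above took effect, the following added example (not Bitsight or PingOne code) audits a SAML assertion you captured from a test login. The attribute names FirstName, LastName and Email and the sample assertion are assumptions constructed for illustration; use the names listed in SAML Metadata Attributes.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
# RSA signature methods at SHA-256 or higher (XML-DSig algorithm URIs).
STRONG_SIG = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha" + n
              for n in ("256", "384", "512")}
# Assumed attribute names; take the real ones from "SAML Metadata Attributes".
REQUIRED_ATTRS = ("FirstName", "LastName", "Email")

# Constructed sample, not real PingOne output; digest and signature value omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 </ds:SignedInfo></ds:Signature>
 <saml:AttributeStatement>
  <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
  <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
 </saml:AttributeStatement>
</saml:Assertion>"""


def audit_assertion(xml_text, required=REQUIRED_ATTRS):
    """Return configuration findings (empty list = settings match).

    Checks declared settings only; it does not verify the signature.
    Parse only XML you captured yourself (ElementTree is not hardened).
    """
    root = ET.fromstring(xml_text)
    findings = []
    methods = root.findall(".//ds:SignatureMethod", NS)
    if not methods:
        findings.append("no ds:SignatureMethod found (unsigned?)")
    for m in methods:
        alg = m.get("Algorithm", "")
        if alg not in STRONG_SIG:
            findings.append(f"weak or unknown signature algorithm: {alg}")
    attrs = {a.get("Name"): a for a in root.findall(".//saml:Attribute", NS)}
    for name in required:
        if name not in attrs:
            findings.append(f"attribute missing: {name}")
        elif attrs[name].get("NameFormat") != URI_FORMAT:
            fmt = attrs[name].get("NameFormat")
            findings.append(f"attribute {name} has NameFormat {fmt!r}, expected uri")
    return findings


if __name__ == "__main__":
    for finding in audit_assertion(SAMPLE):
        print(finding)
```
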