This section describes how to configure Ping Identity as an IdP for My Page.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA My Page as a service provider for Ping Identity.

Procedure

1. Sign into RSA Cloud Administration Console and browse to Users >  Identity Providers.
2. Click Add for Cloud Identity Providers.
3. In the Name and Description section, enter a name for the identity provider and add an optional description.
4. In the Configuration section, provide the following details. 
   1. Issuer ID: Enter the value provided by Ping Identity.
   2. Issuer URL: Enter the value of the Single Sign-on Service provided by Ping Identity.
   3. Audience ID: Enter a value that the identity provider will insert into SAML assertions to indicate for whom the assertions are intended.
      The value is also used as the Entity ID in SAML requests sent to the identity provider.
   4. Assertion Consumer Service (ACS) URL: Displays the URL that Ping Identity will use to set up the service provider.
      
5. In the Certificate section, click Choose File to upload a certificate that the Cloud Authentication Service uses to validate the assertion signature provided by Ping Identity.
   This is the certificate downloaded from the Ping Identity side.
   
6. Navigate to Access > My Page and enable Self-Service.
   The users can use the URL displayed for accessing My Page.
   
7. In the Authentication section, change the Primary Authentication Method to Performed by Cloud Identity Provider and choose the created IdP from the Cloud Identity Providers list.
8. Choose your preferred access policy for additional authentication if needed.
   For testing purposes, you can select a policy that requires no additional step-up authentication.
   
9. Ensure that:
   1. An identity source is created in RSA Cloud Authentication Service under Users > Identity Sources or create a local identity source for testing purposes.
   2. Create new users in the local identity source.
      These users can access My Page.
      

Configure Ping Identity

Perform these steps to configure Ping Identity as the third-party IdP for My Page.

Procedure

1. Sign into Ping Identity Admin Console, click Administrator to access the environment.
2. In the left pane, click Connections > Applications.
   
3. Click the plus icon.
4. In the Add Application window, enter a name for the application and an optional description.
5. Click SAML Application and click Configure.
   
6. Choose Manually Enter.
7. Enter the ACS URLs from RSA Cloud Administration Console and the Entity ID which should match the Audience ID in the configuration done in RSA.
   
8. Click Save.
   The application appears in the set of applications managed as SPs to Ping Identity.
9. Click the newly created application.
10. Navigate to the Configure tab and click the edit icon.
11. In the Subject NameID Format field, select the email address format and click Save.
12. Click the Attribute Mappings tab and click the edit icon.
13. Select Email address for the PingOne Mappings field and click Save.
    
    
14. On the Configuration tab, under Connection Details, download the signing certificate and apply it in RSA Cloud Authentication Console configuration under the Certificate section.
15. Enable the application by toggling the switch button for the application.
    
    
    Users can now log on to My Page and get authenticated by Ping Identity.

Configuration is complete.

Return to the main page.