Configure other SSO Identity Providers
    • 26 Aug 2024

    Ping Setup

    1. On the PingOne administrator console, go to Connection :: Applications and click Add Application.

    2. Under Advanced Configuration, select the option for SAML.

    3. Enter these details:

      1. ACS URL (https://api.zpecloud.com/saml/2-0/<sso_name>) or (https://api.zpecloud.eu/saml/2-0/<sso_name>) depending upon the region.

      2. Entity ID (any meaningful ID for the service)

    4. Download the signing certificate.

    5. On the Mapping Attributes tab, add the mail attribute. 

    6. (optional) To enable SLO, enter:

      1. SLO Endpoint (https://api.zpecloud.com/saml/2-0/<sso_name>/logout) or (https://api.zpecloud.eu/saml/2-0/<sso_name>/logout) depending upon the region.

      2. SLO Binding (HTTP Post)

      3. Verification Certificate (click Import and choose the certificate previously downloaded from ZPE Cloud at SETTINGS :: SSO :: CERTIFICATE)

    7. Click Save.

    PingID Cloud Setup

    1. On the PingOne Administrator Console, access the application.

    2. Enter these configuration details:

      1. Entity ID (Entity ID configured earlier)

      2. SSO URL (Single Sign-On Service web address)

      3. Issuer (Issuer ID)

    3. (optional) Download metadata and upload the SSO form.

    NOTE

    To use the logout function, select the Single Logout checkbox, and add the single logout URL from the identity provider. If the XML file is loaded, this is automatic.

    Duo

    To authenticate, Duo requires the Duo Access Gateway (DAG). DAG requires a configuration specific to the selected authentication method. See the Duo website for further information.

    To set up the authentication source, refer to the Duo Guide (available here). Options include an external IdP, Active Directory and LDAP. After the authentication source is configured, set up the Duo Cloud application. On the Application menu, load the JSON to DAG application.

    Create Application on Duo Cloud

    1. Log in to the Duo administrator account.

    2. On the Application menu, click Protect an Application.

    3. Use Search to locate the Generic Service Provider for DAG.

    4. Click Protect.

    5. Enter these details:

      1. Service Provider Name (Name to identify the service)

      2. Entity ID (meaningful ID to identify the service)

      3. Assertion Consumer Service (https://api.zpecloud.com/saml/2-0/<sso_name>) or (https://api.zpecloud.eu/saml/2-0/<sso_name>) depending upon the region.

    6. (optional) Single Logout URL (https://api.zpecloud.com/saml/2-0/<sso_name>/logout) or (https://api.zpecloud.eu/saml/2-0/<sso_name>/logout) depending upon the region.

    7. On the SAML Response menu:

      1. On the NameID format drop-down, select unspecified.

      2. On NameID attribute, enter mail.

    8. Complete these:

      1. Unselect Sign response checkbox.

      2. On IdP Attribute, enter mail.

      3. On SAML Response Attribute, enter mail.

    9. Click Save.

    10. Download the application JSON. In the Application menu, upload it to Duo DAG.

    Duo Cloud Setup

    This requires Administrator credentials.

    1. Log in to ZPE Cloud and go to SETTINGS :: SSO.

    2. Follow the Add a new Identity Provider procedure with the required fields (located within Duo DAG at Application :: Metadata):

      1. Entity ID (configured earlier)

      2. SSO URL (same as metadata)

      3. Issuer (Entity ID shown on metadata)

    3. Download the certificate and upload it to ZPE Cloud.

    4. (optional) Download the XML metadata and click LOAD METADATA.


