Configure other SSO Identity Providers

  • Updated on Mar 4, 2026
  • Published on Mar 1, 2023
  • 2 minute(s) read
Prev Next

Ping Setup

  1. On the PingOne administrator console, go to Connection :: Applications and click Add Application.

  2. Under Advanced Configuration, select the option for SAML

  3. Enter these details:

    1. ACS URL (https://api.zpecloud.com/saml/2-0/<sso_name>) or (https://api.zpecloud.eu/saml/2-0/<sso_name>) depending upon the region.

    2. Entity ID (any meaningful ID for the service)

  4. Download the signing certificate.

  5. On the Mapping Attributes tab, add the mail attribute. 

  6. (optional) To enable SLO, enter:

    1. SLO Endpoint (https://api.zpecloud.com/saml/2-0/<sso_name>/logout) or (https://api.zpecloud.eu/saml/2-0/<sso_name>/logout) depending upon the region.

    2. SLO Binding (HTTP Post)

    3. Verification Certificate (click Import and choose the certificate previously downloaded from ZPE Cloud at SETTINGS :: SSO :: CERTIFICATE)

  7. Click Save.

PingID Cloud Setup

  1. On the PingOne Administrator Console, access the application.

  2. Enter these configuration details:

    1. Entity ID (Entity ID configured earlier)

    2. SSO URL (Single Sign-On Service web address)

    3. Issuer (Issuer ID)

  3. (optional) Download metadata and upload the SSO form.

NOTE

To use the logout function, select the Single Logout checkbox, and add the single logout URL from the identity provider. If the XML file is loaded, this is automatic.

Duo

Create Application on Duo Cloud

  1. Login to the Duo administrator account

  2. From the Collapse menu, click Applications

  3. Click on Add Application

  4. Use Search to locate the Generic SAML Service Provider - Single Sign-On

  5. Click Add

    Under the Basic Configuration section:

  6. Enter the Application name (ZPE Cloud)

  7. For User access, select Enable for all users

  8. Under Downloads, download the SAML Metadata XML file (Do not close or save DUO SSO configuration yet)

    With the XML file downloaded, go to ZPE Cloud to continue:

  9. Go to SETTINGS::SSO::IDENTITY PROVIDERS

  10. Click on Add

  11. Click on LOAD METADATA and select the XML file downloaded

  12. The metadata file will fill in the SSO URL and Issuer field

  13. Select the Provider, enter the Name and Description

  14. Enter the Entity ID (This is a secret key that will be exactly the same in both ZPE Cloud and Duo)

  15. Click Save

  16. Copy the ACS URL

    With the ACS URL copied, go back to the DUO SSO configuration.

    On the Service Provider section:

  17. Enter the Entity ID (The same secret key as step 14)

  18. Paste the ACS URL that was copied in ZPE Cloud

  19. (optional) Paste the ACS URL in the Single Logout URL followed by /logout

    On the SAML Response section:

  20. Select the “…format::unspecified” from the NameID format drop-down

  21. Select “<Email Address>” from the NameID attribute drop-down

  22. (optional) To map the user to groups enter memberOf in the Name field and the group in the Value field

    Note

    The memberOf needs to match the ZPE Cloud Group you need your user as a member of. If it does not match, the user will log in using the default group configured in ZPE Cloud.

    Usually a symptom of a unmatched memberOf is the user logged in as the ‘User’ group, having access only to the dashboard access tab.

  23. Click on Save