Ping Identity
To configure Appsmith to use Ping Identity as a SAML provider, follow the steps below:
Prerequisites
- A self-hosted Appsmith instance. See the installation guides for installing Appsmith.
- Before setting up Single Sign-On (SSO), ensure that you have already configured a custom domain for your instance.
- In Appsmith, go to Admin Settings > Authentication and click Enable on SAML 2.0.
- Copy the Redirect URL and Entity ID from the SAML 2.0 configuration page to add them later in the Ping Identity settings.
Create application on Ping Identity
Log into your PingOne account. On the homepage, click Add Environment from the top right corner.
On the Create Environment screen, select Build your own solution.
a. Click PingOne SSO from Cloud Services under the Select solution(s) for your Environment section. Click Next.
b. Enter the environment name and description. Click Next.
Open the newly created Environment, and from the sidebar, go to Connections > Applications.
On the Applications homepage, click the + icon to create a new application. On the Add Application panel:
a. Enter the application name and description.
b. Select the Application Type as SAML Application. Click Configure.
c. On the SAML Configuration panel, select Manually Enter.
d. Add the Redirect URL in the ACS URLs field.
e. Add the Entity ID in the Entity ID field.
f. Click Save.
Open your application, go to the Configurations tab, and copy the IDP Metadata URL to add it later in the SAML configurations in Appsmith.
On your application panel, switch the toggle button at the top right corner to enable user access to the application.
Register Ping Identity in Appsmith
If you are running Appsmith on Google Cloud Run or AWS ECS, make sure to configure your service before setting up SSO. For detailed instructions, see the Configure Google Cloud Run for SSO or Create PostgreSQL RDS for SAML SSO guide.
To complete the SAML configuration, you must register the identity provider on Appsmith. Appsmith provides three options to register the identity provider:
- Metadata URL (recommended)
- Metadata XML
- IdP data
To register Ping Identity as the identity provider on Appsmith, follow the steps below:
- Go to the SAML 2.0 configuration page in Appsmith, and navigate to the Register Identity Provider section.
- Add the copied IDP Metadata URL in the Metadata URL field under the Register Identity Provider section.
To set up SAML using the raw Metadata XML file, follow the steps below:
- Open your Ping Identity application, go to Configurations, and click Download Metadata.
- Open the downloaded Metadata file in a browser and copy the XML content.
- Navigate to Appsmith and add the raw XML in the Metadata XML field under the Register Identity Provider section in the SAML 2.0 configuration page.
If you have identity provider data such as the X509 Public Certificate and Email, you can choose this option to configure SAML.
- Open your Ping Identity application, go to Configurations, and click Download Metadata.
- Open the downloaded Metadata file in a browser.
- Add the following values from XML tags in IdP Data under the Register Identity Provider section in the Appsmith SAML 2.0 configuration page:
IdP Data Field | Metadata XML Tag |
---|---|
Entity ID | Enter the value of the entityID attribute specified in the <EntityDescriptor> tag. |
Single Sign-On URL | Enter the value of the Location attribute specified in the <SingleSignOnService> tag. |
X509 Public Certificate | Enter the value specified in the <X509Certificate> tag. |
Email | Enter the value specified in the <NameIDFormat> tag. |
Once you have added the details, click the SAVE & RESTART button to save the configuration and restart the instance.
After the Appsmith instance restarts, try logging in again to your account. You'll see a login screen with the SIGN IN WITH SAML SSO button.