[object Object]

Ping

This page provides information on how to configure Cloud CMS Single Sign On (SSO) for Ping Identity's PingOne Single Sign-on with SAML 2.0.

Cloud CMS provides Single Sign On (SSO) Enterprise support for a variety of Identity Providers using SAML 2.0 and/or JWT. For more
information, see Cloud CMS Single Sign On (SSO).

You can learn more about Ping Identity and PingOne here:

https://www.pingidentity.com/en/cloud/pingone-enterprise.html

Set up PingOne

In this section, we'll set up Single Sign On with Ping Identity's PingOne SSO product.

Log into the PingOne Administration Portal

Login at https://admin.pingone.com/web-portal/dashboard#

and click APPLICATIONS

Create an Application

Create a new Application for Cloud CMS

Under "My Applications: click the Add Application button and select "New SAML Application"

[object Object]

You will see a form like this:

[object Object]

Enter an "Application Name" such as Cloud CMS, an "Application Description" and a "Category".

Click Continue to Next Step

You will see the following form:

[object Object]

For "Assertion Consumer Service (ACS)" enter the Cloud CMS Assertion Consumer Service URL:
https://{your-cloudcms-domain}.cloudcms.net/saml

Enter cloudcms for "Entity ID". Remember this value as it is required in the Cloud CMS SSO configuration in a future step. This value is only an example. It can be any name you like.

For "Application URL" enter the Cloud CMS Assertion Consumer Service URL:
https://{your-cloudcms-domain}.cloudcms.net

Click Continue to Next Step two more times and click Finish

From the settings of the new "Application", copy the URL value under Initiate Single Sign-On (SSO) URL. You will need this URL in the Set up Cloud CMS step below.

Set up Cloud CMS

In a new browser window, log into the Cloud CMS user interface. Click on Manage Platform and then pick SSO on the
left-hand menu.

Select SAML 2.0 from the radio button list.

And then fill out the form.

[object Object]

The following is required:

  1. The SAML SSO URL should be the Initiate Single Sign-On (SSO) URL value from your PingOne "Application" you created above.

  2. The SAML Issuer should match your PingOne Application's Audience URI

Save your changes and log out.

Verify it works

You can now verify that Cloud CMS is configured to use SAML 2.0:

  • Log out of your current Cloud CMS account
  • Log back in
  • While Logging in again, you will be re-directed to PingOne
  • Log into PingOne with your username and password.
  • If the credentials match, you will be redirected back to Cloud CMS.
  • Cloud CMS will automatically log you in and create your user if it doesn't yet exist.