diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx index 805ea6cba88023..8d5d2358a4b00c 100644 --- a/src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx +++ b/src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx 
@@ -19,29 +19,33 @@ These can be any value. A prompt displays to select a signing certificate to use 5. In the **SAML attribute configuration** dialog select **Email attribute** > **urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress**. +6. Go to **SP Connections** > **SP Connection** > **Credentials**. + +7. Add the matching certificate that you upload into the Cloudflare SAML configuration for Ping. Select **Include the certificate in the signature `` element**. + :::note There is an additional setting for PingFederate prior to 9.0. ::: -6. In the **Signature Policy** tab, disable the option to **Always Sign Assertion**. +8. In the **Signature Policy** tab, disable the option to **Always Sign Assertion**. -7. Leave the option enabled for **Sign Response As Required**. +9. Leave the option enabled for **Sign Response As Required**. This ensures that SAML destination headers are sent during the integration. In versions 9.0 above, you can leave both of these options enabled. -8. A prompt displays to download the SAML metadata from Ping. +10. A prompt displays to download the SAML metadata from Ping. This file shares several fields with Cloudflare Access so you do not have to input this data. -9. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**. +11. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**. -10. Under **Login methods**, select **Add new**. +12. Under **Login methods**, select **Add new**. -11. Select SAML. +13. Select SAML. -12. In the **IdP Entity ID** field, enter the following URL: +14. In the **IdP Entity ID** field, enter the following URL: ```txt https://.cloudflareaccess.com/cdn-cgi/access/callback 
@@ -49,9 +53,9 @@ https://.cloudflareaccess.com/cdn-cgi/access/callback You can find your team name in Zero Trust under **Settings** > **Custom Pages**. -13. Fill the other fields with values from your Ping dashboard. +15. Fill the other fields with values from your Ping dashboard. -14. Select **Save**. +16. Select **Save**. To test that your connection is working, go to **Authentication** > **Login methods** and select **Test** next to the login method you want to test.
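Review bot: In the first hunk (@@ -19,29 +19,33 @@), new step 7 ends with an empty inline code span, "Include the certificate in the signature `` element", so the reader cannot tell which option to select. The element name appears to have been dropped, possibly an angle-bracketed tag; restore it inside the backticks so MDX renders it as literal text. The same step refers to "the matching certificate that you upload into the Cloudflare SAML configuration", but the Cloudflare side is not configured until steps 11 to 16. Suggest stating that this is the signing certificate selected earlier in the procedure and pointing forward to the step where it is uploaded. While touching this block, the context line "In versions 9.0 above" should read "9.0 and above".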
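Review bot: In the second hunk (@@ -49,9 +53,9 @@), step 15 still reads "Fill the other fields with values from your Ping dashboard" even though new step 7 now depends on a certificate being uploaded into the Cloudflare SAML configuration. Suggest naming that upload explicitly in step 15, so it is clear that the certificate added under **Credentials** in PingFederate and the one configured in Cloudflare must be the same. The renumbering itself (13 to 15, 14 to 16) is consistent with the first hunk.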