Skip to content

Update pingfederate-saml.mdx #22477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 15, 2025
Merged

Update pingfederate-saml.mdx #22477

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c3d5986
Update pingfederate-saml.mdx
kennyj42 May 15, 2025
e8a66b9
Apply suggestions from code review
ranbel May 15, 2025
b89d8c0
Update src/content/docs/cloudflare-one/identity/idp-integration/pingf…
ranbel May 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 13 additions & 9 deletions src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,39 +19,43 @@ These can be any value. A prompt displays to select a signing certificate to use

5. In the **SAML attribute configuration** dialog select **Email attribute** > **urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress**.

6. Go to **SP Connections** > **SP Connection** > **Credentials**.

7. Add the matching certificate that you upload into the Cloudflare SAML configuration for Ping. Select **Include the certificate in the signature `<KEYINFO>` element**.

:::note
There is an additional setting for PingFederate prior to 9.0.
:::

6. In the **Signature Policy** tab, disable the option to **Always Sign Assertion**.
8. In the **Signature Policy** tab, disable the option to **Always Sign Assertion**.

7. Leave the option enabled for **Sign Response As Required**.
9. Leave the option enabled for **Sign Response As Required**.

This ensures that SAML destination headers are sent during the integration.

In versions 9.0 above, you can leave both of these options enabled.

8. A prompt displays to download the SAML metadata from Ping.
10. A prompt displays to download the SAML metadata from Ping.

This file shares several fields with Cloudflare Access so you do not have to input this data.

9. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
11. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.

10. Under **Login methods**, select **Add new**.
12. Under **Login methods**, select **Add new**.

11. Select SAML.
13. Select SAML.

12. In the **IdP Entity ID** field, enter the following URL:
14. In the **IdP Entity ID** field, enter the following URL:

```txt
https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
```

You can find your team name in Zero Trust under **Settings** > **Custom Pages**.

13. Fill the other fields with values from your Ping dashboard.
15. Fill the other fields with values from your Ping dashboard.

14. Select **Save**.
16. Select **Save**.

To test that your connection is working, go to **Authentication** > **Login methods** and select **Test** next to the login method you want to test.

Expand Down
Loading