Setup SSO with Ping Identity using SAML in OneID
This article explains how to set up Single Sign-On (SSO) with Ping Identity using SAML in Zuora OneID. For more information on configuring SSO for OneID, see Configure SSO for OneID.
Step 1: Create a Zuora OneID application in Ping Identity
To create a Zuora OneID application in Ping Identity, follow these steps:
- Configure the service provider details as mentioned below:
- ACS URL: Enter the service provider's Assertion Consumer Service URL as https://one.zuora.com/saml/SSO.
- Entity ID: Enter the unique SAML entity value as https://one.zuora.com/saml/metadata.
- Log in to the PingOne admin console as an administrator.
- From the main dashboard, click Applications and select Add Application.
- Name the application Zuora OneID and set the Application Type to SAML Application.
- Click Configure to proceed with the SAML configuration.
- In the SAML Configuration section, select Import from URL.
- Enter the Import URL as https://one.zuora.com/saml/metadata, then click Import and save the settings.
- Navigate to the Attributes section, and change the NameID format to Email Address.
- Save the changes, then copy the IDP Metadata URL from the configuration page for later use.
Step 2: Configure Ping Identity metadata in Zuora OneID
Once the application is created in Ping Identity, configure the metadata in Zuora OneID by following these steps:
- Log in to one.zuora.com as an administrator.
- Go to Settings and click Manage SSO Settings.
- Choose Metadata Type as URL.
- Paste the IDP Metadata URL you copied in Step 1 and click Save.
Step 3: Enable SSO for users in Zuora OneID
To enable SSO for your users in Zuora OneID, perform the following steps:
- Navigate to the Users section in the Zuora OneID admin panel.
- Select a test user and open the profile in edit mode.
- Toggle Single Sign-On Enabled to On.
- Enter the user's Federated ID (matching the user's email in Ping Identity) and save the changes.
Step 4: Test the SSO configuration
After configuring SSO for users, test the setup by following these steps:
- In the PingOne admin console, initiate a test SSO login.
- Ensure Zuora OneID opens in a new tab, logging in the user via SSO.
- If the login fails, review any error messages and adjust the Identity Provider (IdP) or Service Provider (SP) settings as needed.
- Retest the SSO login until the setup works correctly.