PingPlotter Cloud Manual

Single Sign-on: SAML IdP Setup Instructions

Note

Single Sign-on (SSO) is an add-on feature. Please contact our sales team for more information.

Single Sign-on allows you to integrate PingPlotter Cloud user authentication with your preferred identity provider.

PingPlotter Cloud Setup

Warning!

Once an IdP has been added, all users will be required to authenticate using SSO. Be sure to add groups/users to your PingPlotter Cloud application within your IdP before hitting save. Please contact support support if you accidentally lock yourself out of your account.

These steps will generally be the same for each identity provider:

  1. Go to Manage --> SSO --> Add Identity Provider
  2. Name - Use the name of your IDP (Entra ID, OneLogin, etc)
  3. Login URL - the login endpoint as specified by your IdP
  4. Logout URL - the logout endpoint as specified by your IdP
  5. Certificate - upload the SHA256 certificate downloaded from your IdP

Microsoft Entra ID

These instructions pertain to Microsoft Entra ID (formely known as Azure Active Directory). Please see this page for more specific details.

Add a New Microsoft Entra ID Application

  1. Log into your Azure Subscription and navigate to https://entra.microsoft.com.

  2. In the left-sidebar menu select Identity -> Applications -> Enterprise applications.

  3. Click All Applications, then click the New application button.

  4. Click Create your own application.

  5. Give your application a name (e.g. PingPlotter Cloud), and select the Integrate any other application you don't find in the gallery (Non-gallery) option, then click create.

  6. Click Enterprise applications in the left-hand nav and click on the newly created app.

  7. Click Single sign-on, and select SAML.

  8. Find the Basic SAML Configuration section, and click the edit icon.

  9. Click Add identifier, and paste this value: https://pingplotter.cloud.

  10. Click Add reply URL, and paste this value: https://pingplotter.cloud/api/saml/AssertionConsumerService

  11. Paste this value in Logout Url: https://pingplotter.cloud/api/saml/SingleLogoutService.

  12. Click save

  13. Find the SAML Certificates section, and click the Download link for the Certificate (Raw) (you will need this later).

  14. Find the Set up EntraID-SAML section, copy the following fields and save them for when you configure PingPlotter.

    • Login URL, e.g. http://login.microsoftonline.com/{tenantId-GUID}/saml/

    • Microsoft Entra Identifier, e.g. https://sts.windows.net/{tenantId-GUID}/

    • Logout URL, e.g. https://login.microsoftonline.com/{tenantId-GUID}/saml2/

OneLogin

Add a Custom App

  1. Go to ApplicationsAdd App

  2. Search for and add SAML Custom Connector (Advanced).

  3. Update the Name, icon, etc and hit Save.

App Configuration

  1. Recipient = https://pingplotter.cloud

  2. ACS (Consumer) URL Validator = ^https://pingplotter.cloud/$

  3. ACS (Consumer) URL = https://pingplotter.cloud/api/saml/AssertionConsumerService

  4. SAML not valid on or after = 60

App Parameters

  1. Select Parameters from the left-sidebar navigation.

  2. Click the + button in the upper right.

  3. Field Name = emailaddress

  4. Check the Include in SAML assertion box.

  5. Hit Save.

  6. Value = Email

  7. Hit Save.

Get your Certificate

  1. Select SSO from the left-sidebar navigation.

  2. Change SAML Signature Algorithm to SHA-256.

  3. Hit Save in the upper right.

  4. Hit View Details below X.509 Certificate.

  5. Hit Download.