SSO/SAML Setup: PingOne for Enterprise

Note: DataGrail only supports connections with SAML v2.0.

PingOne Enterprise: SAML Configuration

1. Admin login to PingOne for Enterprise: https://admin.pingone.com/

2. Create the SAML Application

3. 1. Navigate to Applications > My Applications > SAML
   2. Press Add Application > New SAML Application

3. Application Details:

• Name: DataGrail
• Description: YourCompanyName,Privacy Platform, DSAR fulfillment
• Category: Compliance
• Graphics: DG Logo.png [see attached in email]

4. Application Configuration

5. 1. Required Fields:
      1. Signing Certificate: PingOne Account Origination Certificate
      2. Protocol Version: SAML 2.0
      3. Assertion Consumer Service (ACS): https://[yourdomainhere].datagrail.io/saml/auth
         1. Example: if DataGrail was installing this saml solution to host our own platform login, the above url would be https://datagraildemo.datagrail.io/saml/auth
      4. Entity ID: https://[yourdomainhere].datagrail.io/saml/metadata
         1. Example: if DataGrail was installing this saml solution to host our own platform login, the above url would be https://datagraildemo.datagrail.io/saml/metadata
      5. Application URL: https://[yourdomainhere].datagrail.io
         1. Example: if DataGrail was installing this saml solution to host our own platform login, the above url would be https://datagraildemo.datagrail.io
      6. Signing: Sign Response
      7. Signing Algorithm: RSA_SHA256
      8. Force Re-authentication: true (checkbox)
   2. Default (leave alone)
      1. Single Logout Endpoint:
      2. Single Logout Response Endpoint:
      3. Single Logout Binding Type:

5. SSO Attribute Mapping

6. Add new attribute

6. Group Access

7. 1. Add appropriate groups for access

8. Review Setup

9. 1. Ensure data is correct
   2. Ensure the SAML Metadata URL is an .xml file
   3. Finish