Configuring PingOne For SSO

This section documents the standard configuration for PingOne as an identity provider to support log in to the DataGrail app. With this configuration, user roles must be managed within DataGrail.

Persons Needed to Complete Configuration: IT Person from your organization

Log in to PingOne for Enterprise.
Navigate to Applications, My Applications, and then SAML.
Select Add Application and select New SAML Application.
Complete the SAML configuration.

SAML Configuration

Signing Certificate: PingOne Account Origination Certificate

Protocol Version: SAML 2.0

Assertion Consumer Service (ACS): https://<subdomain>.datagrail.io/saml/auth

Entity ID: https://<subdomain>.datagrail.io/saml/metadata

Application URL: https://<subdomain>.datagrail.io

Signing: Sign Response

Signing Algorithm: RSA\SHA256

Force Re-authentication: true

<subdomain> should be replaced with the subdomain configured for your DataGrail account. For example, if you log in to DataGrail at yourcompanyname.datagrail.io, your subdomain is yourcompanyname.

If you are unclear on what your subdomain would be, please confirm with your Account Manager or reach out to support@datagrail.io.

Configure SSO Attribute Mapping.

Required Attributes

Add an attribute named email and select Email for the Literal Value.
Add an attribute named first_name and select First Name for the Literal Value.
Add an attribute named last_name and select Last Name for the Literal Value.

Send the SAML Metadata URL to DataGrail at support@datagrail.io. We will complete the configuration.

Inviting New Users

For more information on adding users and managing roles, see Inviting New Users.

Need help?

If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.