Privacera Documentation

Set up portal SSO for Privacera Platform with PingFederate

Privacera Portal authenticates users through PingIdentity's Platform Portal using SAML. To set up this integration, you first configure PingIdentity for SSO and then configure Privacera Portal to use the IdP metadata file you download from PingIdentity.

Configure PingIdentity for SSO

To configure PingIdentity for SSO, you add a new application, enter its SAML metadata, add attribute mappings, and set the SLO endpoint and download the metadata.

Add a new application

  1. Sign in to your PingIdentity account.

  2. Under Your Environments, click Administrators.

  3. From the left menu, select Connections.

  4. In the Applications section, click + to add a new application.

  5. In the Application Name field, enter a name.

  6. Provide a description (optionally add an icon).

  7. For Application Type, select SAML Application and then click Configure.

Enter SAML application metadata

  1. Go to the SAML Configuration page.

  2. Under Provide Application Metadata, select Manually Enter.

  3. Enter the ACS URLs:

    https://<portal_hostname>:<PORT>/saml/SSO
  4. Enter the Entity ID:

    privacera-portal
  5. Click Save.

Add attribute mappings

  1. Go to the Overview page for the new application.

  2. Click the Attributes edit button and add the following attribute mapping:

    user.login: Username
  3. Set as Required.

    Note

    If you enter an email address in user.login, the domain name is removed to create the username. For example, john.joe@company.com becomes john.joe.

  4. (Optional) Add the following mappings:

    user.email: Email Address 
    user.firstName: Given Name
    user.lastName: Family Name
  5. Click Save.

Set SLO endpoint and download metadata

  1. In your application, select Configuration and then the edit icon.

  2. Set the SLO Endpoint:

    https://<portal_hostname>:<PORT>/login.html
  3. Click Save.

  4. In the Configuration section, under Connection Details, click the Download Metadata button.

    The metadata file downloads.

  5. Once this file is downloaded, rename it to:

    privacera-portal-aad-saml.xml

    Note

    This file will be used in the Privacera Portal configuration.

Configure privacera-portal-aad-saml.xml

Next, configure Privacera Portal through privacera-manager so that it uses the privacera-portal-aad-saml.xml file.

  1. Run the following commands:

    cd ~/privacera/privacera-manager/
    cp config/sample-vars/vars.portal.saml.aad.yml config/custom-vars/
  2. Edit the vars.portal.saml.aad.yml file:

    vi config/custom-vars/vars.portal.saml.aad.yml
  3. Add the following properties:

    SAML_ENTITY_ID: "privacera-portal"
    SAML_BASE_URL: "https://{{app_hostname}}:{port}"
    PORTAL_UI_SSO_ENABLE: "true"
    PORTAL_UI_SSO_URL: "saml/login"
    PORTAL_UI_SSO_BUTTON_LABEL: "Single Sign On"
    AAD_SSO_ENABLE: "true"
  4. Copy the privacera-portal-aad-saml.xml file to the following folder:

    ~/privacera/privacera-manager/ansible/privacera-docker/roles/templates/custom
  5. Edit the vars.portal.yml file:

    cd ~/privacera/privacera-manager/
    vi config/custom-vars/vars.portal.yml
  6. Add the following properties, setting each value to the attribute name you mapped in PingIdentity:

    SAML_EMAIL_ATTRIBUTE: "user.email"
    SAML_USERNAME_ATTRIBUTE: "user.login"
    SAML_LASTNAME_ATTRIBUTE: "user.lastName"
    SAML_FIRSTNAME_ATTRIBUTE: "user.firstName"
  7. Run the following to update privacera-manager:

    cd ~/privacera/privacera-manager/
    ./privacera-manager.sh update

You can now use single sign-on for Privacera Portal with PingFederate.
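Before running the update, it is worth checking that the downloaded IdP metadata and the vars files agree with each other: the portal can only verify SAML responses if the metadata carries a signing certificate, the IdP endpoints should be HTTPS, and SAML_ENTITY_ID must match the Entity ID entered in PingIdentity. The script below is an added example, not Privacera's or Ping Identity's code; the metadata XML and vars snippet embedded in it are constructed samples in the standard SAML 2.0 metadata and flat YAML shapes, and the hostnames, certificate text and port are placeholders. It also reproduces the documented username rule (an email in user.login loses its domain) and derives the ACS URL the portal expects from SAML_BASE_URL so you can compare it with what you entered on the SAML Configuration page.

```python
"""Pre-flight checks for the PingIdentity metadata file and the portal SAML vars.

Added example (not Privacera's or Ping Identity's code). SAMPLE_METADATA and
SAMPLE_VARS are constructed samples; hostnames, the certificate text and the
port are placeholders.
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample in the shape of a downloaded IdP metadata file.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.pingone.example/idp-placeholder">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIBplaceholderCERT</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://auth.pingone.example/idp/SLO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.pingone.example/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed sample of the properties added to vars.portal.saml.aad.yml.
SAMPLE_VARS = """SAML_ENTITY_ID: "privacera-portal"
SAML_BASE_URL: "https://{{app_hostname}}:{port}"
PORTAL_UI_SSO_ENABLE: "true"
AAD_SSO_ENABLE: "true"
"""


def parse_idp_metadata(xml_text):
    """Extract entity ID, signing certificates and SSO/SLO endpoints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute may be used for signing too.
        if kd.get("use") in (None, "signing"):
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                if c.text and c.text.strip():
                    certs.append(c.text.strip())
    endpoints = {}
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        endpoints[tag] = {e.get("Binding"): e.get("Location")
                          for e in idp.findall(f"md:{tag}", NS)}
    return {"entity_id": root.get("entityID"),
            "signing_certs": certs, "endpoints": endpoints}


def check_idp_metadata(meta):
    """Return a list of findings; an empty list means the metadata looks usable."""
    findings = []
    if not meta["signing_certs"]:
        findings.append("no signing certificate: the portal cannot verify IdP signatures")
    for svc, by_binding in meta["endpoints"].items():
        if not by_binding:
            findings.append(f"no {svc} endpoint")
        for binding, loc in by_binding.items():
            if not (loc or "").startswith("https://"):
                findings.append(f"{svc} ({binding.rsplit(':', 1)[-1]}) is not https: {loc}")
    return findings


def derive_portal_username(login):
    """Documented rule: an email address in user.login loses its domain part."""
    return login.split("@", 1)[0] if "@" in login else login


def load_simple_vars(text):
    """Parse the flat KEY: "value" lines of the vars files without a YAML library."""
    out = {}
    for line in text.splitlines():
        m = re.match(r'^([A-Z_]+):\s*"?(.*?)"?\s*$', line)
        if m:
            out[m.group(1)] = m.group(2)
    return out


def expected_acs_url(base_url):
    """ACS URL the portal registers at the IdP: <SAML_BASE_URL>/saml/SSO."""
    return base_url.rstrip("/") + "/saml/SSO"


def check_portal_vars(vars_map, expected_entity_id="privacera-portal"):
    """Cross-check the vars against what was entered on the PingIdentity side."""
    findings = []
    if vars_map.get("SAML_ENTITY_ID") != expected_entity_id:
        findings.append("SAML_ENTITY_ID must match the Entity ID entered in PingIdentity")
    if vars_map.get("PORTAL_UI_SSO_ENABLE") != "true":
        findings.append("PORTAL_UI_SSO_ENABLE is not true: the SSO button will not appear")
    if not vars_map.get("SAML_BASE_URL", "").startswith("https://"):
        findings.append("SAML_BASE_URL should be https: the ACS URL is built from it")
    return findings


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print("IdP:", meta["entity_id"], check_idp_metadata(meta) or "OK")
    v = load_simple_vars(SAMPLE_VARS)
    print("vars:", check_portal_vars(v) or "OK", "ACS:", expected_acs_url(v["SAML_BASE_URL"]))
    print("username:", derive_portal_username("john.joe@company.com"))
```

Run it against your real files by replacing the two sample strings with the contents of privacera-portal-aad-saml.xml and vars.portal.saml.aad.yml; any finding it prints should be resolved before ./privacera-manager.sh update.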