# SSO With Ping Identity (SAML)

### Overview

This guide provides step-by-step instructions on how to configure single sign-on (SSO) with Ping Identity using the Security Assertion Markup Language (SAML) 2.0 authentication standard.

### Prerequisites

To get started, make sure the following conditions are met:

* In Ping Identity, you must have elevated privileges or be an administrator with the ability to manage application settings.
* In StrongDM, your permission level must be set to Administrator.
* Ensure that you have a unique identifier for users. Only the email address is currently supported.

### Steps

{% hint style="info" %}
We recommend that you keep both Ping Identity and the Admin UI open in your browser so you can easily tab between them.
{% endhint %}

#### Begin to configure StrongDM

1. In the StrongDM Admin UI, go to **Settings** > **User Management**.
2. Click the **Lock** icon to make changes.
3. Click **Yes** to enable single sign-on.
4. Select **Ping Identity (SAML)** from the **Provider** dropdown menu.

![](/files/CHkGagm9DPQGMl3X8pWY)

5. From the **Configure Ping Identity** section, copy the **StrongDM Metadata URL**. This URL is necessary when you configure your Ping Identity SAML application.

![](/files/Bi52CRj0cl1gtcJMcpCy)

#### Create a new Ping Identity SAML application

1. In the PingOne admin console, select the appropriate environment and navigate to **Connections > Applications**.
2. Click the **Plus** icon, select the **SAML Application** type, and name the new application.
3. From the **SAML Configuration** section, select **Import from URL**.
   * Paste the **StrongDM Metadata URL** in the **Import URL** field.
   * Click **Import**.
4. From the **Configuration** tab, copy the **IDP Metadata URL**.
5. Go back to the Admin UI. In the **Add SAML metadata** section, paste the **IDP Metadata URL** in the **Metadata URL** field.

![](/files/5qewKOb6Uujv5ENvaBeM)

#### Map attributes and turn on the app

1. In the Admin UI, copy the **email URN** from the **Map attributes** section and go back to the PingOne admin console.

![](/files/yMFZw85iV7ng3A8f80OD)

2. From the **Attribute Mappings** tab, add an attribute mapping.
3. In the column with your app's name (on the left), paste the **email URN** in the field. In the **PingOne** column, enter `Email Address` in the corresponding field.
4. When you are finished configuring the required and desired settings, save your progress and set the app to **On**.

#### Configure other StrongDM settings

In the Admin UI, configure the remaining settings (for example, **Allow password login for admins?**). If you wish to allow users to log in via a link from Ping Identity, enable **Allow IDP Initiated Authentication**. Click **Save** when you are finished.

![](/files/ZE6I8YH46M7U5xxlSHNN)

