1. Support | DataCamp
  2. Groups
  3. For Admins
  4. SSO (Single Sign-On)

PingFederate Configuration Instructions

Updated

Step 1: Log In and Start a New SP Connection

  1. Log in to PingFederate: Open your browser, navigate to the PingFederate Admin Console, and sign in with your administrator credentials.
  2. Navigate to IdP Configuration: On the left-hand menu, go to the IdP Configuration section.
  3. Create a New SP Connection: Click Create New under the SP Connections area.
cefbc8ad-09b7-427f-be07-b23a67acf168.png

 

Step 2: Select Connection Template and Options

  1. Choose Connection Template: On the Connection Type page, select the Browser SSO Profiles connection template and click Next.
108c3ca7-b990-4ca1-871f-a6606d1bcf2c.png
  1. Select Connection Options: On the Connection Options page, check the Browser SSO option and click Next.
5d3894eb-30d3-4b4e-be7d-24cceb17dba0.png
  1. Skip Metadata Import: On the Import Metadata page, simply click Next to skip this step.

 

Step 3: Enter Partner and Base URL Details

  1. Provide DataCamp Details: 
    1. In the Partner’s Entity ID (Connection ID) field, enter your DataCamp subdomain found in DataCamp Groups Settings.
    2. Enter your desired Connection Name.
    3. In the Base URL field, paste the Assertion Consumer Service URL you obtained from DataCamp.

Scroll down and click Next.

d8085fd3-e47e-4fe3-bdde-5bb5606cb203.png

 

Step 4: Configure Browser SSO and SAML Profiles

  1. Configure Browser SSO: On the Browser SSO page, click Configure Browser SSO.
  2. Select SAML Profiles: On the SAML Profiles page, check both IdP-Initiated SSO and SP-Initiated SSO options, then click Next.
902e623b-589f-4f01-8b52-6909b49c223a.png
  1. Set Assertion Lifetime: Enter your desired Assertion Lifetime (in seconds) and click Next.

Step 5: Configure Assertion Creation

  1. Start Assertion Creation: On the Assertion Creation page, click Configure Assertion Creation.
  2. Select Identity Mapping: Choose the Standard Identity Mapping option and click Next.
55c7c0b9-c193-4cc1-aad4-6d872358f438.png

 

  1. Adjust Subject Name Format: Change the Subject Name Format for the SAML_SUBJECT to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
6545aec1-3460-4171-ae8a-009a1372b7c7.png

 

  1. Map Adapter Instance
    1. Click Map New Adapter Instance on the Authentication Source Mapping page.
    2. Choose your desired Adapter Instance. For example, if you’re using the PingOne HTML Form Adapter, select it. (Ensure the adapter provides the user’s email address.)
    3. Click Next.

 

6c3cf53c-76dd-49e9-a532-f2f7b8a4bc2f.png

 

  1. Select Adapter Contract Values: If your adapter meets DataCamp’s requirement (providing the user’s email address), select Use only the adapter contract values in the SAML assertion and click Next.

 

6e4d92b6-1985-4d70-97bd-57fa022bc768.png
  1. Set SAML_SUBJECT Source: Set the SAML_SUBJECT Source to your adapter and its Value to the user’s email address, then click Next.
d176e11b-8438-498b-9ff6-66cf8de93250.png

 

  1. Configure Issuance Criteria: Specify any authorization conditions if needed on the Issuance Criteria page, then click Next.
fcc18bbd-35b4-4a00-97b3-36047ddd7763.png

 

  1. Finish Assertion Creation: On the Adapter Mapping Summary page, click Done. Then, click Next on the Assertion Creation page, and finally click Done on the Assertion Creation Summary page. Click Next to continue.

 

Step 6: Configure Protocol Settings

  1. Begin Protocol Settings: Click Configure Protocol Settings on the Protocol Settings page.
  2. Set Binding and Endpoint:
    1. Set the Binding to POST.
    2. Paste the Assertion Consumer Service URL (copied from DataCamp earlier in Step 7) into the Endpoint URL field.
    3. Click Add
b0440bc3-efe8-4523-9b1e-2ed33f30e77b.png

 

  1. Add other Other Allowed ACS URL 
    1. Click Add again and paste the Other Allowed ACS URL from the same page where you obtained your Assertion Consumer Service URL in step 7. Keep binding at POST.
    2. Click Add, then Next
1e286353-07eb-4a1e-b2cc-5745b484cd50.png
  1. Allowed SAML Bindings: On the Allowable SAML Bindings page, check POST and click Next.
  2. Signature and Encryption Policies:
    1. Click Next on the Signature Policy page.
    2. Click Next on the Encryption Policy page, then click Done on the Protocol Settings Summary page.
  3. Finalize Protocol Settings, Click Next on the Protocol Settings page to move forward.
  4. Browser SSO Summary, On the Browser SSO Summary page, click Done, then click Next on the Browser SSO page.

 

Step 7: Configure Credentials and Activate the Connection

  1. Configure Credentials: On the Credentials page, click Configure Credentials.
  2. Select Signing Certificate:
    1. Choose the Signing Certificate you want to use with DataCamp.
    2. Use the certificate’s serial number (noted earlier) to identify the correct one.
    3. Check the box Include the certificate in the signature element.
    4. Click Next.
65483743-b06e-4524-b6dc-1fbea5f905a8.png
  1. Digital Signature Settings Summary: On the Digital Signature Settings Summary page, click Done, then click Next on the Credentials page.
    1. Export the metadata for the newly-created DataCamp SP connection.
    2. Export the signing certificate.
  2. Activate the Connection: On the Activation & Summary page, change the Connection Status to Active. Scroll down and click Save.

 

Step 8: Configuring DataCamp Side

  1. Paste the entityID value that you copied previously in step 27 to the Entity ID / Issuer URL field.
  2. Paste the Location value you copied previously in step 27 to the Login URL / SSO Endpoint  field.
  3. Paste the PingFederate certificate into the IdP Certificate field including ---BEGIN and ----END.
5cf43fdb-1d4e-49eb-98c5-5709884245cd.png