How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

In this new post we will show you a “step by step” on how to setup SAML on Ping Identity’s portal and how to set this up in VirtualUI.

First of all, open the VirtualUI manager and go to the ‘Authentication’ tab. Once there, click ‘Add’ and select ‘SAML’:
 In this new post we will show you a “step by step” on how to setup SAML on Ping Identity’s portal and how to set this up in VirtualUI. First of all, open the VirtualUI manager and go to the ‘Authentication’ tab. Once there, click ‘Add’ and select ‘SAML’:

Add a “Name” and “Virtual Path”. For testing purposes use ‘SAMLACS’ as Virtual Path (we will use this information later on):
Add a “Name” and “Virtual Path”. For testing purposes use ‘SAMLACS’ as Virtual Path (we will use this information later on):

Now, log into your Ping Identity admin portal and create a new “Web App”.
Select the SAML option:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML n portal and create a new “Web App”. Select the SAML option:

Fill out “Name”, “Description” and click next:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

In the next step we have to configure the Assertion Consumer Service URL, you must enter your public URL for your VirtualUI server followed by the Virtual Path of the authentication method you configured in the VirtualUI manager:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

So this should look something like this: http(s)://Server_DNS:port/SAMLACS
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Below the ACS URL you will be able to download the signin certificate. Download this and store it somewhere in your VirtualUI server:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Enter the “Entity ID” URL, this is the public URL for your VirtualUI server (e.g. http(s)://Server_DNS:port):
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Set the assertion validity duration, the minimum value is 60 seconds:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

In the SAML Attributes, choose ‘Email Address’ and click ‘Save and Continue’.:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Now that we have SAML configured in Ping Identity, we have to set up VirtualUI. Before we go to the VirtualUI manager, select the ‘Configuration’ tab of your SAML application and copy the ‘Issuer ID’ and ‘Single Signon Service’:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Back in the VirtualUI manager, we need to fill the following information:

    • Service Identifier = Identity Provider “Entity ID”
    • Service Certificate File = Your certificate file
    • Service Certificate Password = Your certificate’s password
    • Identificacion Entity ID = Issuer ID
    • Single Sign-On Service URL = Identity Provider “Single SignOn Service URL”
    • Sign-Out URL = This value is optional
    • Partner Certificate File = X.509 Certificate provided by Ping Identity

How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Back in the ‘Authentication’ tab, switch to the ‘Mappings’ tab and map your email address to the local AD user or group:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Above, I mapped an email address to an AD user, but you can also use a wild-card. For instance, you can add “*@cybelesoft.com” as “Authentication ID mask” and map this back to the ‘Cybelesoft\Domain Users’ group in your AD.
Finally we have to enable user access to SAML on Ping Identity, you will find a little switch to do so in its settings:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

It should look like this:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

Now after applying the changes to the VirtualUI manager,go to the VirtualUI site and you should be able to see the ‘Ping Identity SAML’ authentication method listed:
How to configure Thinfinity VirtualUI to authenticate using Ping Identity’s SAML

If you have any questions regarding the SAML configuration, you can leave a comment below or send us an email at [email protected]. Cheers!

Have any questions?

Book a call today to learn more about how Thinfinity® can help your organization. We are always available to guide you and provide the best solution based on your specific needs.

Add Comment

Thinfinity_logo

Get a Demo

Experience how Universal ZTNA with Thinfinity® integrates with VDI and DaaS for unmatched security and flexibility.

Blogs you might be interested in

<span>Authentication</span>, <span>Independent software Vendor (ISV)</span>, <span>IT Admin</span>, <span>IT Security</span>, <span>Ping Identity</span>, <span>RBAC</span>, <span>SAML</span>, <span>Thinfinity VirtualUI</span>, <span>Thinfinity Workspace</span>