Note: For SSO integration to be accessible, RoboForm clients (Windows, Mac, browser extension) must be updated to Version 9.5.7 or later.
Ping Identity SSO
RoboForm Single Sign On (SSO) integration allows users to be automatically signed into RoboForm without needing to use a Master Password. Instead, the user is redirected to the Ping Identity authentication portal, where they verify their identity through Ping Identity.
This article covers how to enable SSO integration through Ping Identity. Additional documentation from Ping's help center may be useful as a reference during this process and can be found here.
Integrate RoboForm with Ping Identity
1) Sign into your Ping Identity Management console and navigate to Applications.
2) Click the blue + to create a new Application.
3) Name the new application, set the application type to Single-Page, and click Save.
4) In the newly created application, open the Configuration tab and click the edit button.
5) Set the Response Type to Code, making sure that Token and ID Token are disabled. Set the Grant Type to Authorization Code and the PKCE Enforcement to REQUIRED, and make sure that Implicit is disabled.
6) The Redirect URI tells Ping's authentication the address at which it can reach RoboForm once authentication has been completed. Each of the following URIs must be entered separately; each represents one of the portals through which a user may access RoboForm.
http://localhost:42019/oidc-callback
http://localhost:42020/oidc-callback
http://localhost:42021/oidc-callback
https://pnlccmojcmeohlpggmfnbbiapkmbliob.chromiumapp.org/oidc-callback
https://ljfpcifpgbbchoddpjefaipoiigpdmag.chromiumapp.org/oidc-callback
https://online.roboform.com/oidc-callback
Once each of the URIs has been added, click Save.
7) Open the Resources tab and click the edit button.
8) Locate and enable the p1:read:user and p1:update:user resources, then click Save.
9) Enable the RoboForm application.
10) Navigate to Directory >> User Attributes.
11) Click the blue + to create a new attribute.
12) Set the attribute to Declared and click Next.
13) Set the Name to roboformKey. The Display Name can be anything; we recommend setting it to RoboForm Key. Once both fields are filled, click Save.
14) Navigate back to the previously created RoboForm application and open the Configuration tab. Expand the URLs section and copy the OIDC Discovery Endpoint and Client ID to a notepad file for later use.
15) In a new tab open the RoboForm for Business administrator console and navigate to Integrations.
16) Select Ping Identity, open the Single-Sign On tab, paste the previously copied Client ID and OIDC Discovery Endpoint into their respective fields, and click Next.
17) Set which users will have SSO enabled:
No one - This option will complete the SSO integration but will not activate it for any users.
All Users and Groups - This option will enable SSO for all users in the company.
Selected Groups - This option will enable SSO for users in specified groups.
This setting can be changed after the setup is complete.
When ready, click Activate SSO Integration. This will open a prompt for final confirmation to complete RoboForm's integration with Ping Identity.
SSO integration has now been configured for Ping Identity. All users that this functionality has been assigned to can begin signing into RoboForm using SSO.
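The settings from steps 5 and 6 (Response Type Code, PKCE REQUIRED, registered Redirect URIs) correspond to an authorization-code request that carries an S256 PKCE challenge (RFC 7636) and an exactly matching redirect URI. The Python below is an added example, not RoboForm or Ping Identity code; the function names, the authorization endpoint and client ID passed in by the caller, and the openid scope are assumptions for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Redirect URIs registered in step 6 (copied from this article).
REGISTERED_REDIRECT_URIS = {
    "http://localhost:42019/oidc-callback",
    "http://localhost:42020/oidc-callback",
    "http://localhost:42021/oidc-callback",
    "https://pnlccmojcmeohlpggmfnbbiapkmbliob.chromiumapp.org/oidc-callback",
    "https://ljfpcifpgbbchoddpjefaipoiigpdmag.chromiumapp.org/oidc-callback",
    "https://online.roboform.com/oidc-callback",
}


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636: BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes give a 43-character verifier (RFC 7636 allows 43-128)."""
    return secrets.token_urlsafe(32)


def build_authorization_request(authorization_endpoint, client_id, redirect_uri):
    """Return (url, code_verifier, state) for an authorization-code + PKCE request."""
    if redirect_uri not in REGISTERED_REDIRECT_URIS:  # exact string match only
        raise ValueError(f"redirect_uri not registered: {redirect_uri}")
    verifier = new_code_verifier()  # stays on the client until the code is redeemed
    state = secrets.token_urlsafe(16)  # echoed back on the callback for CSRF checks
    params = {
        "response_type": "code",  # step 5: Code only, no Token / ID Token
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",  # assumed minimal OIDC scope
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{authorization_endpoint}?{urlencode(params)}", verifier, state


def verify_token_request(stored_challenge: str, presented_verifier: str) -> bool:
    """PKCE check the authorization server applies when the code is redeemed."""
    return secrets.compare_digest(s256_challenge(presented_verifier), stored_challenge)
```

Because a Single-Page application has no client secret, the code_verifier is what binds the returned code to the client that started the sign-in; a redirect URI that differs from a registered one by even a trailing slash is rejected.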