Already have Single Sign-On configured and looking to control user and role provisioning or make Single Sign-On mandatory? Jump to this article to learn more.

Step 1: Create a PingOne Application

Log into https://admin.pingone.com with your administrative account.  Navigate to the applications section, and click Add Application, New SAML Application.  

Fill out the Application Name and Description, then Continue.

Step 2: Configure the PingOne Application

You'll then need to configure the PingOne connection to Red Canary's SAML service provider.  

Click Continue to Next Step.

Map the Email Application Attribute to the Email Identity Bridge Attribute.

Click Save and Publish.

Step 3: Prepare to configure Red Canary

Download your SAML Metadata. This file contains your Entity ID, Identity Provider SLO Target URL, and Identity Provider X509 signing certificate.  

Step 4: Configure Red Canary

Head over to your Red Canary portal and navigate to Administration > Single Sign-On

  • Convert the Identity Provider X509 signing certificate you downloaded to Base64 and paste the text contents into the Identity Provider X509 Cert field
  • Set Identity Provider SSO Target URL to the PingOne application's Initiate Single Sign-On (SSO) URL
  • Set Identify Provider SLO Target URL to https://sso.connect.pingidentity.com/sso/SLO.saml2
  • Set Identity Provider Entity ID to the https://pingone.com/idp/<customer>
  • Set Email Attribute to Email

Check This SSO configuration should be active and click Save Configuration.

That's it! Setting up SAML can be a giant pain in the butt, so if you have any issues, email us at support@redcanary.com.

Did this answer your question?