Platform Documentation
      Back to home
      1. Help Center
      2. Platform Documentation

      PingFederate SAML 2.0

      Configure PingFederate SAML 2.0 with Aware

      Customer will need to provide the following information to Aware in order to complete the SSO integration for Aware. 

      • Identity Provider Single Sign-On URL
      • X.509 Certificate

      Please follow the instruction below to complete the steps required for adding Aware to customer's PingFederate environment:

      Hint: Identity Provider Single Sign-On URL and X.509 Certificate information will be generated at the end of this instruction.

      1. Login into your PingFederate Identity Provider Admin View 

      C940FD02-A097-46DC-A22A-344D4C8B6FEB

      2. Go to  SP Connection > Create New

      3. Connection Template: DO NOT USE A TEMPLATE FOR THIS CONNECTION

      58DCE9C7-5A33-43E6-9746-FC56B5183676

      4. Connection Type: BROWSER SSO PROFILES | PROTOCOL SAML 2.0

      D8A3A837-CE6B-4EC4-AE26-0DB55F8C5310

      5. Connection Options: BROWSER SSO

      6536AC44-B76E-4CA2-8A3C-89C4A1E5C65A

      6. Import Metadata: METADATA: NONE

      A7F2A081-A61C-4FCF-ADA7-11EB3F489401

      6. General Info:

      • Single sign on URL: https://wiretap-prod.auth0.com/login/callback?connection=YOUR_DOMAIN_NAME
      • PARTNER'S ENTITY ID (CONNECTION ID): urn:auth0:wiretap-prod:YOUR_DOMAIN_NAME
      • CONNECTION NAME: Aware
      • BASE URL: https://wiretap-prod.auth0.com
      • COMPANY: Aware
      • LOGGING MODE: STANDARD

      F06B9647-3AE1-4C6C-A5C9-8E6417FDDDB6

      Note: YOUR_DOMAIN_NAME value is usually your company email domain without .com. For example, our company domain is awarehq.com the value will be awarehq (ex. https://wiretap-prod.auth0.com/login/callback?connection=awarehq AND urn:auth0:wiretap-prod:awarehq). Please check with your Customer Success Manager if you are unsure about what value you should use here.

      7. Browser SSO: Configure Browser SSO

      64B0F3DB-9AC7-43A5-AAC9-1E5E2AA520F8

      8. Browser SSO | SAML Profiles: SP-INITIATED SSO | SP-INITIATED SLO

      FA1A976A-08B8-4861-98D0-1BA5B5C79318

      9. Browser SSO | Assertion Lifetime: MINUTES BEFORE: 5 | MINUTES AFTER: 5

      198A7126-AD33-4D33-85D9-9E28448C6ED1

      10: Browser SSO | Assertion Creation: Configure Assertion Creation

      79C4E2C9-0940-4D1D-81DA-9232B2533EAA

      11: Browser SSO | Assertion Creation | Identity Mapping: STANDARD: send the AP a known attribute values as the name identifier. The SP will often use account mapping to identify the user locally. 

      D5593F60-B156-46C0-99BA-56A3E5F1C114

      12: Browser SSO | Assertion Creation | Attribute Contract:

      • SAML_SUBJECT: urn:oasis:names:tc:SAML:11:nameid-format:unspecified
      • Extend the Contract: urn:oasis:names:tc:SAML:2.0:attrname-format:basic

      95A06F4A-256D-462D-AF8C-A9E2201008B6

      13. Browser SSO | Assertion Creation | Authentication Source Mapping:

      411CB149-7A78-4123-8F45-0E48F2C801EB