Ping Identity is an SSO Provider that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Ping Identity as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for HackEDU as the Service Provider (SP).

All SSO communication takes place over TLS/SSL.

Configuring Ping Identity

The first thing you need to do is log in to your Ping Identity account and add HackEDU the HackEDU application.

To add the HackEDU app, click "Applications", then "Add Application", then "New SAML Application", and select "SP Initiated SSO".

Use the settings found below.  You will need to map your email address field in the SAML claims as well.

SP Connection

Entity ID:
 urn:amazon:cognito:sp:us-east-1_CHi5tsM8X   

Base URL:
  https://app.hackedu.com/login?domain=YOUR_DOMAIN.COM  

Browser SSO

It is important that SP-Initiated SSO is enabled under SAML Profiles.

Assertion Creation

For attribute contracts, make sure to the Name ID Format is: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

And the ApplicationUsername attribute is set to urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Protocol Settings

Assertion Consumer Service URL Endpoint: https://auth.hackedu.com/saml2/idpresponse (POST) 

Metadata File (For Reference)

<?xml version="1.0"?>
<md:EntityDescriptor entityID="urn:amazon:cognito:sp:us-east-1_CHi5tsM8X" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIICvDCCAaSgAwIBAgIIF7E0eYsy6vowDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UEAwwTdXMtZWFzdC0xX0NIaTV0c004WDAeFw0yMDAyMTExNzAzNTJaFw0zMDAyMTExNzAzNTJaMB4xHDAaBgNVBAMME3VzLWVhc3QtMV9DSGk1dHNNOFgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZjreEolViBOYRCxE5SaNHLk0EbSQ3ndVXrhtqmF5fG84JP8hQmAIdCBBtDu44vhyzv1a/a53w4CiccYw8D79rV9gX46vX4/hdqVTgXD/BEtWJwlkUZrgT3vXcXPj3Je83nbtEzxeijvRNU+YDxIw7IzEtZNi7oxoL63YSfnsTe5BNwaZ4nLH5DpwESxAk8nflp2IQIfLOOXWQncBHOeTpOKI5dZfF/8WYLk5if785dPKCjQyTihgyMzcKERhq2mDm9vjzuLHKp05dgQ8eH30oXd1fKfVbDM730VWSKfrNbMktAnsJs9qCehczk5mGnRps+H3ERkkeRyh8yQacuY2rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJA0IHi2RlFmLOzVfQ9AjF0n1G9lJ4HHXmdj+3DdXTE7bt8I1Gdb+Rcd7O+TXX+0COYGGuRBpeG+yW/BH5lU78Rccr+QhpQuLmU5C9tzpViSO0/Y3PpxOeAbKQnC1BRj25Ycra+iFMpaTeu/M+s+cXRfJ1dVqnzn5ncrvseOziP9IRhSvBbiv4CVi7Im4cqBpY17CtbFeE0RY9IC2YAjNDKqSNqlfB+Zr44JgoXMlxfpIElwdNmXSYt7qTMKhSDBdfNTEatIbmeHAFeIi0xx1UofRPHGSdaB2PdwSVpjyP0a9tUgJ1vC+zwKq+FsCcqlj4USztKuE9gIX3zK69ucch8=</X509Certificate>
        </X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.hackedu.com/saml2/idpresponse" index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">HackEDU, Inc.</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">HackEDU</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://hackedu.com</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support@hackedu.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

 

Automatically Sync Teams to HackEDU (optional)

If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.

 

Upload Metadata File to HackEDU

Download the "Certificate" and "SAML Metadata" file and ensure that the attribute mapping Email is sent as the ApplicationUsername.

You can follow the instructions on this page to upload your Metadata File in the HackEDU Admin Dashboard.

Did this answer your question?