Ping Identity

Enterprise

To configure Appsmith to use Ping Identity as a SAML provider, follow the steps below:

Prerequisites

1. A self-hosted Appsmith instance. See the installation guides for installing Appsmith.

2. Before setting up Single Sign-On (SSO), ensure that you have already configured a custom domain for your instance.

3. In Appsmith, go to Admin Settings > Authentication and click Enable on SAML 2.0.

4. Copy the Redirect URL and Entity ID from the SAML 2.0 configuration page to add them later in the Ping Identity settings.

SAML configuration in Appsmith

Create application on Ping Identity

1. Log into your PingOne account. On the homepage, click Add Environment from the top right corner.

2. On the Create Environment screen, select Build your own solution.

   a. Click PingOne SSO from Cloud Services under the Select solution(s) for your Environment section. Click Next

   b. Enter the environment name and description. Click Finish.

3. Open the newly created environment and click on Manage Environment.

4. On the environment homepage, click on Application from the sidebar, then click the + icon to create a new application.

a. Enter the application name and description.

b. Select the Application Type as SAML Application. Click Configure.

c. On the SAML Configuration panel, select Manually Enter.

d. Add the Redirect URL in the ACS URLs field.

e. Add the Entity ID in the Entity ID field.

f. Click Save.

5. If you are only interested in simple authentication via SAML, you can skip this step. However, if you want to configure custom claims, follow the steps below:

Open your application, go to the Attribute Mapping tab, click on the Edit ✏️ icon, and add your custom claims:

• Attributes: Enter the attribute name in the desired format (e.g., userName, email). Copy the claim name to add it later in the Appsmith SAML configurations.

• PingOne Mappings: Select the appropriate value from the dropdown menu. This mapping connects the attribute in your application to the corresponding value in PingOne.

6. Open your application, go to the Configurations tab, and copy the IDP Metadata URL to add it later in the SAML configurations in Appsmith.

7. On your application panel, switch the toggle button at the top right corner to enable user access to the application.

Register Ping Identity in Appsmith

caution

If you are running Appsmith on Google Cloud Run or AWS ECS, make sure to configure your service before setting up SSO. For detailed instructions, see the Configure Google Cloud Run for SSO, or Create PostgreSQL RDS for SAML SSO guide.

To complete the SAML configuration, you must register the identity provider on Appsmith. Appsmith provides three options to register the identity provider, as mentioned below:

Metadata URL (recommended)

To register Ping Identity as the identity provider on Appsmith, follow the steps below:

1. Go to the SAML 2.0 configuration page in Appsmith, and navigate to Register Identity Provider section.

2. Add the copied IDP Metadata URL in the Metadata URL field under the Register Identity Provider section.

3. To configure custom SAML claims (if added in the Ping Identity's User Attribute) in Appsmith, Click the Advanced section.

a. For each custom claim, enter a name in the Key field that references the custom SAML claim within Appsmith.

b. In the Value field, enter the exact Attributes name that you copied from the Attribute Mapping section.

Metadata XML

To set up SAML using the raw Metadata XML file, follow the steps below:

1. Open your Ping identity application, go to Configurations, and click Download Metadata.

2. Open the downloaded Metadata file in a browser and copy the XML content.

3. Navigate to Appsmith and add the raw XML in the Metadata XML field under the Register Identity Provider section in the SAML 2.0 configuration page.

4. To configure custom SAML claims (if added in the Ping Identity's User Attribute) in Appsmith, Click the Advanced section.

a. For each custom claim, enter a name in the Key field that references the custom SAML claim within Appsmith.

b. In the Value field, enter the exact Attributes name that you copied from the Attribute Mapping section.

IdP data

If you have Identity provider data like X509 Public Certificate, Email, you can choose this option to configure SAML.

1. Open your Ping identity application, go to Configurations, and click Download Metadata.

2. Open the downloaded Metadata file in a browser.

3. Add the following values from XML tags in IdP Data under the Register Identity Provider section in the Appsmith SAML 2.0 configuration page:

IdP Data Field	Metadata XML Tag
Entity ID	Enter the value of the entityID attribute specified in the <EntityDescriptor> tag.
Single Sign-On URL	Enter the value of location attribute specified in the <SingleSignOnService> tag.
X509 Public Certificate	Enter the value specified in the <X509Certificate> tag.
Email	Enter the value specified in the <NameIDFormat> tag.

3. To configure custom SAML claims (if added in the Ping Identity's User Attribute) in Appsmith, Click the Advanced section.

a. For each custom claim, enter a name in the Key field that references the custom SAML claim within Appsmith.

b. In the Value field, enter the exact Attributes name that you copied from the Attribute Mapping section.

Once you have added the details, click the SAVE & RESTART button to save the configuration and restart the instance.

info

If you're running Appsmith on a Kubernetes cluster with an HA configuration, after completing the setup, run the following command to ensure the new authentication settings are properly applied:

kubectl rollout restart deployment/appsmith -n

After the Appsmith instance restarts, try logging in again to your account. You'll see a login screen with the SIGN IN WITH SAML SSO button.

Login with SAML SSO

Troubleshooting

If you are facing issues contact the support team using the chat widget at the bottom right of this page.

See also

• Remove Account Update Screen