PingOne

Creating a web application

Now that we’ve added our environment, and created new users and a group, we’ll create a web application that uses a SAML connection.

Steps

  1. In the PingOne admin console, go to Applications > Applications.

  2. Click the icon.

    Screen capture of the Applications page showing the Add Application icon

  3. In the Add Application panel, enter an Application Name.

    You can also enter a Description (optional).

    Add an icon for your application so that it’s easy to identify in the External Applications portal.
    A screen capture of the application details panel

  4. Click SAML Application and then click Configure.

  5. For SAML Configuration, select Manually Enter.

  6. Enter the following:

    • ACS URLs: https://decoder.pingidentity.cloud/saml

    • Entity ID: pingidsamldecoder

  7. Click Save.

  8. At the top of the panel, click the toggle to enable the application.

    A screen capture of the application details panel showing the enable toggle switch

Limiting access to the application

We’ll now limit access to the application to the Sales group.

Steps

  1. Go to Applications > Applications. Locate your application and click the application entry to open the details panel.

  2. Click the Access tab and then click the pencil icon.

  3. Under Groups, select the check box for the Sales group.

    Screen capture of the web application open in edit mode to the Access tab with the Sales group selected

  4. Click Save.

Assigning the Multi_Factor authentication policy to the application

We’ll now assign the Multi-factor authentication policy to your web application. The application should still be open for edit.

Steps

  1. Go to Applications > Applications. Locate your application and click the application entry to open the details panel.

  2. Click the Policies tab and then click the pencil icon.

  3. Under PingOne Policies, select the check box for the Multi_Factor policy.

    A screen capture showing the Policies tab

  4. Click Save.

Optional: Configuring PingID policy

You can configure the default PingID policy to add additional authentication methods and other policy criteria. Learn more in Configuring strong authentication methods (MFA).

Steps

  1. In the PingOne admin console, go to Authentication > Authentication.

  2. Expand the Multi_Factor policy and click the Pencil icon () to edit it.

  3. In the PingID Authentication step, click the link to Configure now.

  4. Configure the PingID policy and then click Save.

Next steps

Continue this demo by Performing the user simulation.