User story

As a PRTG Admin, I want the ability to authenticate to PRTG via the PingFederate solution from the Ping Identity SSO provider.

Details of user story

Currently PRTG supports only a single SSO provider: MS Azure AD. This feature request is to enable PRTG authentication via PingFederate or PingAccess from the Ping Identity provider.

PingFederate supports the following standard protocols, which are the same as those supported by MS Azure AD:

  • SAML 2.0/WS-Fed
  • OAuth/OpenID

Ideally the solution would be built so that it works with any SSO provider compatible with the above standard protocols.

Typical configuration options needed by these protocols are:

SAML 2.0/WS-Fed

Application Name

A plain-language identifier for the connection; for example, a company or department name. This name is displayed on the login page and will serve as the connection name on the PingFederate administrative console.

Entity ID

Unique identifier of the application/Application URL. This ID defines your organization as the entity operating the server for SAML 2.0 transactions. Based on previously integrated applications, this value can be derived from the admin configuration, which can be checked on the application side.

Endpoint URL

The link where the attributes will be accepted by your application. A web service endpoint is a web address (URL) at which clients of a specific service can gain access to it. By referencing that URL, clients can get to operations provided by that service.

Attributes

A specification that is aligned with the organization’s directory (LDAP, AD, ...), such as email, first and last name, user id.

Logout URL

The URL to which the user is redirected after they log out.

OAuth/OpenID

Application Name

A plain-language identifier for the connection; for example, a company or department name. This name is displayed on the login page and will serve as the connection name on the PingFederate administrative console.

Client ID

Public identifier of the application, a simple string which needs to be identical on both ends: the Ping and the application OAuth configuration. The Client ID is defined as the value used by the client to identify itself to the authorization server. It must be unique across all clients that the authorization server handles. Many implementations use something like a 32-character hex string. Normally, this is encoded for OAuth connections that have been previously handled. It can be viewed by the administrators of the application. Ideally, the Client ID should be generated on the application side and not from Ping.

Redirect URL

The link where the attributes will be accepted by your application. A web service endpoint is a web address (URL) at which clients of a specific service can gain access to it. By referencing that URL, clients can get to operations provided by that service.

Attributes

A specification that is aligned with the organization’s directory (LDAP, AD, ...), such as email, first and last name, short name, T-Number.

Logout URL

The URL to which the user is redirected after they log out.
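A provider-agnostic check of the OAuth/OpenID settings listed above, as an added example (not PRTG or Ping Identity code): it validates one side's settings and reports the fields that differ between the application and the identity provider. The dictionary keys, function names and sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Keys mirror the OAuth/OpenID options listed above. The dict layout and the
# function names are assumptions for this example, not a PRTG or Ping API.
REQUIRED = ("application_name", "client_id", "redirect_url", "attributes", "logout_url")
MUST_MATCH = ("client_id", "redirect_url")  # have to be identical on both ends

def url_problems(name, url):
    """Problems with a URL that users or tokens will be sent to."""
    parts = urlsplit(url)
    found = []
    if parts.scheme != "https":
        found.append(f"{name}: must use https")
    if not parts.hostname:
        found.append(f"{name}: no host")
    if parts.fragment:
        found.append(f"{name}: must not contain a fragment")
    if "*" in url:
        found.append(f"{name}: wildcard not allowed")
    return found

def validate(cfg):
    """Check one side's settings for missing fields and unsafe URLs."""
    found = [f"{key}: missing" for key in REQUIRED if not cfg.get(key)]
    for key in ("redirect_url", "logout_url"):
        if cfg.get(key):
            found += url_problems(key, cfg[key])
    return found

def drift(app_cfg, idp_cfg):
    """Fields that differ between the application and the identity provider.
    Comparison is exact string equality: no case folding, no prefix match."""
    return [key for key in MUST_MATCH if app_cfg.get(key) != idp_cfg.get(key)]

# Constructed sample values (example.com hosts, made-up client ID).
APP = {
    "application_name": "Monitoring",
    "client_id": "3f9c1a7e5b2d4c6f8a0b1c2d3e4f5a6b",
    "redirect_url": "https://monitoring.example.com/sso/callback",
    "attributes": ["email", "first_name", "last_name"],
    "logout_url": "https://monitoring.example.com/logged-out",
}
IDP = dict(APP, redirect_url="https://monitoring.example.com/sso/callback/")
BAD = dict(APP, redirect_url="http://*.example.com/cb#x", logout_url="")

if __name__ == "__main__":
    print(validate(APP), drift(APP, IDP), validate(BAD), sep="\n")
```

The trailing slash in the constructed `IDP` entry is enough to be reported as drift, since the redirect URL is compared as an exact string.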


For more technical information, please check:

For PingID: https://docs.pingidentity.com/ or https://www.pingidentity.com/developer/en/index.html

https://www.pingidentity.com/en/platform/single-sign-on/software-sso.html

For MS Azure AD: OAuth2, OpenID, SAML


Acceptance criteria

Ability to configure PingID to authenticate to PRTG.

Status

Open

