Important: These instructions apply only to Flow Enterprise Server.
Below is a step-by-step guide for connecting your PingOne account to Flow Enterprise Server with SSO.
- Follow the steps to add an application to PingOne (external site, opens in new tab).
- Set the application type to SAML application.
- Either copy the XML metadata file or the metadata URL.
- In another tab, open Flow.
- From the top navigation, click Settings.
- In the left navigation, click SSO under User Management.
- Click Add SAML integration.
- In the Configure SAML modal, paste the copied metadata file or URL into the Metadata field.
- Fill in the Entity ID/Sign in URL field with the URL you'll use to log in after you configure your integration. You can use your organization name or something else, but it must be unique. Copy this Entity ID/Sign in URL.
- Copy the Entity ID/Sign in URL from Flow.
- In the Full name field, input FirstName LastName. This field is case sensitive and must match this input exactly.
- In the Email field, input Email. This field is case sensitive and must match this input exactly.
- Complete these optional settings as needed:
  - Role Key: Fill out this field if you want user roles to be mapped from the attribute value assertion via this key.
  - Manage Roles within Flow: Check this box if you want Flow to manage your users' roles. New users are given a default role upon logging in.
  - Merge New Users on Email: Check this box if you already have users invited into your Flow account using non-SSO logins. This automatically deletes the previous logins and forces all existing users to log in via your SSO platform.
- In PingOne, input the Entity ID/Sign in URL from Flow in both the Entity ID and ACS URLs fields.
- Click Save.
- Next, add attributes to your application. Learn more about editing an application (external site, opens in new tab). Add the following attributes, and map them as needed. These fields are case sensitive and must match the following inputs exactly:
  - FirstName
  - LastName
  - Email
  - Roles (only if you plan to handle roles in PingOne)
- If you have the option, select GetLocalPartFromEmail.
- Make sure all attributes, except Roles, are required.
- Click Save and Continue.
- Configure your application access controls (external site, opens in new tab) as desired.
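
Because the attribute names are case sensitive, a mismatch such as `lastname` is easy to miss. The following added example (not part of the Flow or PingOne documentation) checks a decoded SAML assertion for the names listed above. It assumes the configured names appear as the `Name` of each SAML `Attribute` element; the sample assertion is constructed, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email")   # names from the steps above
OPTIONAL = ("Roles",)                           # only if roles come from PingOne

# Constructed sample: LastName is miscased and Email is empty.
# Only feed this script assertions captured from your own test login.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_attributes(xml_text):
    """List problems with the attribute names and values in an assertion."""
    attrs = read_attributes(xml_text)
    by_lower = {name.lower(): name for name in attrs}
    problems = []
    for expected in REQUIRED + OPTIONAL:
        if expected in attrs:
            # Exact-case match; required attributes also need a value.
            if expected in REQUIRED and not any(attrs[expected]):
                problems.append(f"{expected}: present but empty")
        elif expected.lower() in by_lower:
            sent = by_lower[expected.lower()]
            problems.append(f"{expected}: sent as '{sent}' (case mismatch)")
        elif expected in REQUIRED:
            problems.append(f"{expected}: missing")
    return problems


if __name__ == "__main__":
    for problem in check_attributes(SAMPLE_ASSERTION):
        print("FAIL", problem)
```
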