Skip to main content

Ping Identity

To configure Appsmith to use Ping Identity as a SAML provider, follow the steps below:

Prerequisites

  1. A self-hosted Appsmith instance. See the installation guides for installing Appsmith.

  2. Before setting up Single Sign-On (SSO), ensure that you have already configured a custom domain for your instance.

  3. In Appsmith, go to Admin Settings > Authentication and click Enable on SAML 2.0.

  4. Copy the Redirect URL and Entity ID from the SAML 2.0 configuration page to add them later in the Ping Identity settings.

SAML configurations
SAML configuration in Appsmith

Create application on Ping Identity

  1. Log into your PingOne account. On the homepage, click Add Environment from the top right corner.

  2. On the Create Environment screen, select Build your own solution.

    a. Click PingOne SSO from Cloud Services under the Select solution(s) for your Environment section. Click Next

    b. Enter the environment name and description. Click Finish.

  3. Open the newly created environment and click on Manage Environment.

  4. On the environment homepage, click on Application from the sidebar, then click the + icon to create a new application.

a. Enter the application name and description.

b. Select the Application Type as SAML Application. Click Configure.

c. On the SAML Configuration panel, select Manually Enter.

d. Add the Redirect URL in the ACS URLs field.

e. Add the Entity ID in the Entity ID field.

f. Click Save.

SAML configurations
  1. If you are only interested in simple authentication via SAML, you can skip this step. However, if you want to configure custom claims, follow the steps below:

Open your application, go to the Attribute Mapping tab, click on the Edit ✏️ icon, and add your custom claims:

  • Attributes: Enter the attribute name in the desired format (e.g., userName, email). Copy the claim name to add it later in the Appsmith SAML configurations.

  • PingOne Mappings: Select the appropriate value from the dropdown menu. This mapping connects the attribute in your application to the corresponding value in PingOne.

SAML configurations
  1. Open your application, go to the Configurations tab, and copy the IDP Metadata URL to add it later in the SAML configurations in Appsmith.

  2. On your application panel, switch the toggle button at the top right corner to enable user access to the application.

Register Ping Identity in Appsmith

To complete the SAML configuration, you must register the identity provider on Appsmith. Appsmith provides three options to register the identity provider, as mentioned below:

To register Ping Identity as the identity provider on Appsmith, follow the steps below:

  1. If you are running Appsmith on Google Cloud Run, AWS ECS, or Azure Container Instances, make sure to configure the service before setting up SSO. For more information, see:
  1. Go to the SAML 2.0 configuration page in Appsmith, and navigate to Register Identity Provider section.

  2. Add the copied IDP Metadata URL in the Metadata URL field under the Register Identity Provider section.

  3. To configure custom SAML claims (if added in the Ping Identity's User Attribute) in Appsmith, Click the Advanced section.

a. For each custom claim, enter a name in the Key field that references the custom SAML claim within Appsmith.

b. In the Value field, enter the exact Attributes name that you copied from the Attribute Mapping section.

Once you have added the details, click the SAVE & RESTART button to save the configuration and restart the instance.

info

If you're running Appsmith on a Kubernetes cluster with an HA configuration, after completing the setup, run the following command to ensure the new authentication settings are properly applied:

kubectl rollout restart deployment/appsmith -n

After the Appsmith instance restarts, try logging in again to your account. You'll see a login screen with the SIGN IN WITH SAML SSO button.

SAML-login
Login with SAML SSO

Troubleshooting

If you are facing issues contact the support team using the chat widget at the bottom right of this page.

See also