Integrating Ping Identity SSO with Axis LMS
If you use Ping Identity as your SAML identity provider (IdP), you can use the information in this document to set up SAML authentication for your Axis LMS.
These steps assume that you have permissions for modifying your organization’s Ping Identity portal.
Note
- : These steps reflect a third-party application and are subject to change without our knowledge. However, even if the steps described here do not fully match the screens you see in your IdP account, using these steps along with the IdP’s documentation should still enable you to configure the integration.
Step One: Begin Adding The Integration In Axis LMS
- While signed in to Axis LMS as an administrator, go to System > Integration > Single Sign-On (SSO) > SAML Sign-In
- Click the + Add An Integration button.
- Select Ping Identity from the list of SAML Identity provider.
- Keep this screen/tab open for now as we will refer to it later.
- Figure 1: Add A New Integration Screen in Axis LMS
Step Two: Adding Axis LMS To Your Ping Identity Applications
- In a new tab/window, access Ping Identity.
- In Ping Identity, select the environment you would like to add the Axis LMS application to.
- Go to Connections > Add Application.
- Click on the Web App application type, then click the Configure button next to the SAML option.
- Edit the Application Name, entering Axis LMS
- Accept other default values for now and click Next.
- Keep this screen/tab open for now as we will refer to it later.
- Figure 2: Ping Identity > Add SAML Application
Step Three: Add Service Provider Details To Ping Identity
In this step, we’ll define the service provider values that Ping Identity will need to identify your app.
- On the Add A New Integration screen in Axis LMS, go to the Service Provider Details section.
- In Ping Identity, under Provide App Metadata, select the option to Manually Enter.
- Copy values from Axis LMS into the Ping Identity fields as shown below.
- Set Subject NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Set Assertion Validity Duration to 180.
- Leave all other values as is and click Save & Continue.
| Copy Axis LMS Field Value | to | Ping Identity Configuration Tab Field |
|---|---|---|
| Entity ID | to | Entity ID / Issuer URL |
| Assertion Consumer Service / SSO Service | to | ACS URLs |
| Single Logout Service | to | SLO Endpoint |
Step Four: Defining User Attributes
In this step, we’ll define the information about the user (id, email address, first name, last name) that need to be passed to Axis LMS.
- In Ping Identity, click the Add Attribute link and select PingOne Attribute.
- In the Pingone User Attribute dropdown, select User ID.
- Under Application Attribute enter "uuid" (without quotations).
- Repeat this sequence three more times, using the fields/values below
| Pingone User Attribute | to | Application Attribute |
|---|---|---|
| Email Address | to | emailAddress |
| Given Name | to | firstName |
| Family Name | to | lastName |
Note: Even though Ping Identity may provide additional user data that can be passed as parameters, only the parameters listed above are compatible with Axis LMS; all other values will be ignored.
Step Five: Add Identity Provider Details To Axis LMS
In this step, you'll provide Axis LMS with the SAML Identity provider values it needs to communicate with Ping Identity.
- In the Ping Identity Application listing, click on the Configuration tab for the application you just created.
- Copy values from the Configuration tab and paste them into the Identity Provider Details section of Axis LMS, as shown below
| Copy Configuration Tab Field Value | to | Axis LMS Field Value |
|---|---|---|
| Issuer ID | to | Entity ID / Issuer URL |
| Single Sign on Service | to | SAML 2.0 Endpoint / SSO URL |
| Download Metadata > Open In Text Editor > X509Certificate | to | X.509 Certificate |
After copying values from the SSO tab into the Identity Provider Details section of Axis LMS, it should look something like this:
- Figure 3: Axis LMS Identity Provider Details
Step Six: Finishing Up & Testing
Enable the application in Ping Identity by the toggle button to the right of the application title. At this point you've completed all the necessary steps to configure the Axis LMS application in Ping Identity.
In Axis LMS, on the Add A New Integration screen, finish configuring the User Login settings and then click Save to save the integration in Axis LMS.
To test your new integration, you'll need to give users access to your new application in Ping Identity before using the newly generated Axis LMS login link for this integration. For more information on granting users access to your application via Ping Identity, please refer to the IdP's documentation.