PingOne® for Enterprise is a Single Sign-on (SSO) solution that enables enterprises to give their users federated access to applications with a single click from any browser or mobile device.
After you’ve completed the Wavefront integration for PingOne for Enterprise setup, all users in your enterprise that can authenticate to PingOne for Enterprise can also log in to your Wavefront instance. What those users can do depends on their permission. All users are in the Everyone group and have, at a minimum, view permissions for dashboards and alerts. Additional permissions depend on the Permissions setup in your Wavefront instance. See Roles, Groups, and Permissions.
Step 1. Adding a Web Application to PingOne Catalog
- Log in to PingOne, click the Applications tab.
- Under My Applications, click Add Application, and click New SAML Application on the menu.
- On the Definition page, create a new application by providing values for following settings:
- Application Name -
- Application Description -
- Category - Information Technology.
Graphics - Save the Wavefront logo:
Browse to the logo file and upload.
- Click Continue to Next Step.
- Application Name -
- On the Configuration page, enter the application configuration details:
- Protocol Version - Select SAML 2.0 from the list.
- Assertion Consumer Service - https://YOUR_CLUSTER.wavefront.com/api/saml/login/
- Entity ID - https://YOUR_CLUSTER.wavefront.com
- Signing Algorithm - RSA_SHA256
- Click Continue to Next Step
- Review the configuration details and click on Save & Exit.
Step 2. Send Identity Provider Metadata to Wavefront
- Go back to My Applications and enable the application.
- Click the right arrow button near the provider and download SAML metadata.
Step 3. Upload Identity Provider Metadata into Wavefront
Wavefront version 2020.30 and earlier
- Send the downloaded metadata from Step 2 to firstname.lastname@example.org with a request to set up the PingOne integration for Wavefront. We’ll activate the integration on our end and will notify you as soon as we’ve done this.
Wavefront version 2020.34 and later
- Log in to Wavefront with a user account for which
SAML IDP Adminpermission is enabled.
- Click on the gear icon on top right corner and navigate to Self Service SAML.
- Select Identity Provider as PingOne from the list.
- Copy the downloaded metadata from Step 2 into the Configure Connection text box.
Click Test to test the validity of metadata. A new browser window opens with PingOne login page.
Note: The Save button is disabled until you’ve completed a test successfully.
- Log in to PingOne. After the login is successful, click Save.
Going forward, users who attempt to log in to Wavefront are redirected to PingOne. If a user can authenticate to PingOne but is not currently a Wavefront user, that user is auto-created on the Wavefront side. Password authentication is no longer supported.