User story
As a PRTG Admin, I want the ability to authenticate to PRTG via the PingFederate solution from the SSO provider Ping Identity.
Details of user story
Currently, PRTG supports only a single SSO provider: MS Azure AD. This feature request is to enable PRTG authentication via PingFederate or PingAccess from Ping Identity.
PingFederate supports the following standard protocols, which are the same as those supported by MS Azure AD:
- SAML 2.0/WS-Fed
- OAuth/OpenID
Ideally the solution would be built so that it works with any SSO provider compatible with the above standard protocols.
Typical configuration options needed by these protocols are:
SAML 2.0/WS-Fed
Application Name
A plain-language identifier for the connection; for example, a company or department name. This name is displayed on the login page and will serve as the connection name on the PingFederate administrative console.
Entity ID
Unique identifier of the application (the application URL). This ID defines your organization as the entity operating the server for SAML 2.0 transactions. Based on previous observations of integrated apps, this value can be derived from the admin configuration, which can be checked on the application side.
Endpoint URL
The link where the attributes will be accepted by your application. A web service endpoint is a web address (URL) at which clients of a specific service can gain access to it. By referencing that URL, clients can get to operations provided by that service.
Attributes
A specification that is aligned to the organization’s directory (LDAP/AD, etc.), such as email, first and last name, user id.
Logout URL
The URL to which the user is redirected after they log out.
OAuth/OpenID
Application Name
A plain-language identifier for the connection; for example, a company or department name. This name is displayed on the login page and will serve as the connection name on the PingFederate administrative console.
Client ID
Public identifier of the application: a simple string that needs to be identical on both ends, in the Ping configuration and in the application's OAuth configuration. The Client ID is defined as the value used by the client to identify itself to the authorization server. It must be unique across all clients that the authorization server handles. Many implementations use something like a 32-character hex string. Normally, this is encoded for OAuth connections that have been previously handled. It can be viewed by the administrators of the application. Ideally, the Client ID should be generated on the application side and not by Ping.
Redirect URL
The link where the attributes will be accepted by your application. A web service endpoint is a web address (URL) at which clients of a specific service can gain access to it. By referencing that URL, clients can get to operations provided by that service.
Attributes
A specification that is aligned to the organization’s directory (LDAP/AD, etc.), such as email, first and last name, short name, T-Number.
Logout URL
The URL to which the user is redirected after they log out.
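How the OAuth/OpenID options above could drive a provider-neutral login, as an added example (not PRTG or Ping Identity code). The class and function names, host names and endpoint paths are constructed assumptions, and `state` and `nonce` are standard OAuth/OpenID Connect request parameters rather than options named in this request.

```python
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit

@dataclass(frozen=True)
class OidcSettings:
    """The OAuth/OpenID options listed above, with no provider-specific fields."""
    application_name: str
    client_id: str
    redirect_url: str
    authorization_endpoint: str  # assumption: read from the provider's metadata
    scopes: tuple = ("openid", "email", "profile")  # requests the attributes
    logout_url: str = ""

def new_client_id() -> str:
    """Generate the Client ID on the application side: 32 hex characters."""
    return secrets.token_hex(16)

def build_login_request(cfg: OidcSettings):
    """Return (url, state, nonce) for an authorization-code login."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "client_id": cfg.client_id,
        "redirect_uri": cfg.redirect_url, "scope": " ".join(cfg.scopes),
        "state": state, "nonce": nonce,
    })
    return f"{cfg.authorization_endpoint}?{query}", state, nonce

def read_callback(cfg: OidcSettings, callback_url: str, expected_state: str) -> str:
    """Return the authorization code, or raise ValueError for a bad callback."""
    got, want = urlsplit(callback_url), urlsplit(cfg.redirect_url)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback did not arrive at the configured Redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state does not match the login request")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

# Constructed sample values; none of these hosts or paths come from PRTG or Ping.
SAMPLE = OidcSettings("PRTG", new_client_id(), "https://prtg.example.com/sso/callback",
                      "https://sso.example.com/authorize")
```

The returned code still has to be exchanged at the provider's token endpoint, and the ID token validated, before a session is created.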
For more technical information, please check:
For PingID: https://docs.pingidentity.com/ or https://www.pingidentity.com/developer/en/index.html or https://www.pingidentity.com/en/platform/single-sign-on/software-sso.html
For MS Azure AD: OAuth2, OpenID, SAML
Acceptance criteria
Ability to configure PingID to authenticate to PRTG.
Status
Open