PingOne SAML setup

Enable your PingOne users to access 1Password SaaS Manager with Single-Sign-On (SSO).

Add 1Password SaaS Manager to PingOne

1. Log in as an administrator to the PingOne console.
2. Open the Applications page and then select Add Application in the My Applications list.
3. Select Search Application Catalog.
4. Enter Trelica in the search box, and select Search. Trelica is the previous name for 1Password SaaS Manager.
5. The Trelica SAML application is listed. Select the big arrow on the right to expand the box.
6. Select Setup to get started.

A high-level overview of the configuration process is displayed. Scroll down and select Continue to Next Step, as these instructions take you through everything in detail.

The second step ("Connection Configuration") needs the SaaS Manager ACS URL. Open SaaS Manager in a new browser tab, as you will need to switch back to PingOne shortly. 

1. Log in to your SaaS Manager site, and then go to Settings > Users > SAML providers.
2. Select the Copy icon next to the SAML assertion consumer service (ACS) URL to copy it to the clipboard.
3. Now go back to PingOne, and in the Connection Configuration tab paste the URL into the ACS URL field. It should be something like https://app.trelica.com/Id/Saml2/xxx/Acs.
4. Scroll down and select Continue to Next Step.

You now need to map PingOne Identity Bridge Attributes to three fields that get passed to SaaS Manager when a SAML connection is made. These may vary depending on the backing directory you have configured for PingOne. The attributes will be those are the following:

• User's last name
• User's first name
• User's primary (work) email

Once you have finished, select Continue to Next Step.

The fourth step lets you modify the suggested name, description, and application category for SaaS Manager. Update the name to 1Password SaaS Manager, optionally download and use a SaaS Manager icon, then select Continue to Next Step.

The Group Access panel lets you grant PingOne user groups access to the SaaS Manager application. The list of groups will vary depending on your setup, but we recommend adding an administrators group initially for testing purposes, before you go back in and add broader user groups.

When you've chosen the groups you want, select Continue to Next Step.

The final panel confirms all the details you have selected. This panel contains an important piece of information that we need to configure SAML in SaaS Manager, namely the SAML Metadata URL. Scroll down the page to find this, and carefully select the URL in your browser and copy it to the clipboard.

Configure SaaS Manager

Return to the SAML providers settings in SaaS Manager (or re-open SaaS Manager and go to Settings > Users > SAML providers) and select New. The New SAML Identity Provider dialog is displayed.

In the Name field enter Ping Identity and set the Metadata type to Metadata from URL. Paste the SAML Metadata URL that you copied from PingOne into the Metadata URL field, then select Create.

Finalize configuration in PingOne

Switch back to PingOne, and scroll down the confirmation panel and select Finish.

You should now see the 1Password SaaS Manager application marked as Installed in PingOne.

Test the connection

You should have assigned one or more user groups to the 1Password SaaS Manager application in PingOne. In order to test the configuration, you need to log in to the PingOne Dock and try connecting to SaaS Manager.

If you're unsure of the PingOne Dock URL you can find it in the Setup > Dock > Configuration page.

Log in to the dock as one of the users to whom you assigned the SaaS Manager application in the PingOne admin console.

You should now see the SaaS Manager application icon. Select the icon to connect to SaaS Manager.