Leverage Ping Identity for Single Sign-On
Enterprise Testfully Cloud customers can leverage Ping Identity for Single Sign-On (SSO) to provide a seamless login experience for their team members. This article provides a step-by-step guide on how to configure Ping Identity for SSO in Testfully.
OpenID Connect (OIDC) Support
Testfully leverages the industry-standard OpenID Connect (OIDC) protocol to integrate with Ping Identity. This means that you can use Ping Identity to authenticate your team members and provide them with secure access to Testfully. PingFederate comes with built-in support for OIDC, making it easy to set up SSO for your team.
Setting up Ping Identity for Testfully
Setting up Ping Identity for Testfully involves creating a new OAuth client in PingFederate, white-listing Testfully's app as a trusted origin, and providing the required details to Testfully. Here's how you can do it:
Step 1: Create a new OAuth Client in PingFederate
Integrating Ping Identity with Testfully requires creating a new OAuth client in PingFederate. Here's how you can do it in PingFederate 12.2 or later:
- Log in to your PingFederate admin console.
- Click on the Applications tab.
- Click on the OAuth Clients tab.
- Click on the Add Client button.
The Add OAuth Client form will appear. These are the fields that matter to the integration with Testfully:
Field Name | Description |
---|---|
Client ID | A unique identifier for the OAuth client. For example, testfully_prod_sso |
Name | A human-readable name for the OAuth client. For example, Testfully SSO |
Redirect URL | The URL where PingFederate should redirect the user after authentication. For Testfully, use https://app.testfully.io/sso/ping/callback |
Allowed Grant Types | Select the Authorization Code grant type. |
A note on Scopes
Testfully requires the following scopes to be configured in the OAuth client:
Scope Name | Description |
---|---|
openid | Required for OpenID Connect to work. |
profile | Required to fetch user's full name |
email | Required to fetch user's email address |
Please make sure to add these scopes to the OAuth client. If you're unsure how to do it, please refer to the PingFederate documentation.
Step 2: White-list Testfully's app as a trusted origin
To ensure that the SSO flow works correctly, you need to white-list Testfully's app as a trusted origin in PingFederate. Here's how you can do it:
- Log in to your PingFederate admin console.
- Click on the System tab.
- Click on the Authorization Server Settings tab.
- Scroll down to the Cross-Origin Resource Sharing Settings section.
- Enter https://app.testfully.io in the input field under Allowed Origins.
- Click on the Add button, then click on the Save button.
Step 3: Provide required details to Testfully
Once you've created the OAuth client and white-listed Testfully's app, you need to provide the following details to Testfully:
Field Name | Description |
---|---|
Client ID | The unique identifier for the OAuth client you created in PingFederate. |
Ping Federate Engine URL | The URL of your PingFederate engine. For example, https://pingfederate.example.com |
Please drop us a message at support@testfully.io with the required details, and we'll set up the SSO flow for your organization.
A note on Ping Federate Engine URL
OIDC-compliant PingFederate installations expose a well-known endpoint at .well-known/openid-configuration. Testfully uses this endpoint to fetch the required configuration details. Your PingFederate engine URL will be the base URL for this endpoint. To find the correct URL, you can append .well-known/openid-configuration to your PingFederate base URL. For example, if your PingFederate base URL is https://pingfederate.example.com, the correct URL will be https://pingfederate.example.com/.well-known/openid-configuration.
Testfully will need a bunch of other details to complete the integration, all of which can be found in the .well-known/openid-configuration endpoint. Once you've provided the required details to Testfully, we'll take care of the rest and set up the SSO flow for your team.
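Before sending the engine URL to Testfully, you can check that the discovery document it points to is consistent with the settings above. The following is an added example, not code from Testfully or Ping Identity: the function names are hypothetical, the sample documents are constructed, and the issuer and HTTPS checks follow the OIDC Discovery specification rather than anything stated on this page.

```python
from urllib.parse import urlsplit

# Scopes and grant type come from the OAuth client settings described on this page.
REQUIRED_SCOPES = {"openid", "profile", "email"}
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
WELL_KNOWN = "/.well-known/openid-configuration"

def discovery_url(engine_url):
    """Build the discovery URL from the engine base URL; reject anything but plain https."""
    parts = urlsplit(engine_url)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError(f"engine URL must be a plain https:// base URL: {engine_url!r}")
    return engine_url.rstrip("/") + WELL_KNOWN

def check_discovery(engine_url, doc):
    """Return a list of problems found in a parsed discovery document."""
    problems = []
    base = engine_url.rstrip("/")
    # The issuer must match the URL the document came from (trailing slash ignored).
    if str(doc.get("issuer", "")).rstrip("/") != base:
        problems.append(f"issuer {doc.get('issuer')!r} does not match {base!r}")
    for key in REQUIRED_ENDPOINTS:
        value = str(doc.get(key, ""))
        if urlsplit(value).scheme != "https":
            problems.append(f"{key} missing or not https: {value!r}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append(f"scopes not advertised: {sorted(missing)}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    # grant_types_supported is optional; its default includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not advertised")
    return problems

# Constructed sample documents, not captured from a real PingFederate server.
GOOD = {
    "issuer": "https://pingfederate.example.com",
    "authorization_endpoint": "https://pingfederate.example.com/as/authorization.oauth2",
    "token_endpoint": "https://pingfederate.example.com/as/token.oauth2",
    "jwks_uri": "https://pingfederate.example.com/pf/JWKS",
    "scopes_supported": ["openid", "profile", "email"],
    "response_types_supported": ["code"],
}
BAD = dict(GOOD, issuer="https://idp.other.example", scopes_supported=["openid"])

if __name__ == "__main__":
    print(check_discovery("https://pingfederate.example.com", BAD))
```

To check a live server, fetch the URL returned by discovery_url with any HTTP client and pass the parsed JSON to check_discovery.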