This guide details how to configure Ping Identity (PingOne) as your Identity Provider (IdP) to enable Single Sign-On (SSO) for Empuls.
Prerequisites
Admin access to your Empuls account.
Admin access to your Ping Identity (PingOne) console.
A: Specific Service Provider Details from Empuls
Before configuring Ping Identity, you need to obtain the metadata from Empuls.
Login to your Empuls account.
Navigate to Reports and Admin > User Authentication.
Locate the SAML 2.0 Single Sign On card.
You will see your Service Provider (SP) Metadata. Keep this tab open, or:
Copy the ACS URL and Entity ID provided on the screen.
Download the SP Metadata file (e.g., empuls-sp-metadata.xml) by clicking on "Download SP Metadata".
B: Configure Ping Identity (PingOne)
Log in to your Ping Identity Admin Console.
Navigate to Connections > Applications.
Click the + (Plus) icon to add a new application.
Select Web App and choose SAML as the connection type.
Application Details:
App Name: Enter Empuls
Description: (Optional) Enter Employee Engagement Platform
Icon: (Optional) Upload the Empuls logo.
Click Next.
SAML Configuration:
Option A (Recommended): Click Import Metadata > Select a File and upload the empuls-sp-metadata.xml file you downloaded in Step 1.
Option B (Manual): If you prefer to enter details manually:
ACS URL: Paste the ACS URL copied from Empuls.
Entity ID: Paste the Entity ID copied from Empuls.
Click Save and Continue.
Attribute Mapping:
Empuls requires a unique identifier (Email ID or Employee ID) in the NameID field.
Set the SAML_SUBJECT attribute to map to Email Address (or the attribute that matches your users' Empuls login email).
Click Save and Close.
Enable the App: Toggle the switch next to the Empuls application to ON (Green) to enable user access.
C: Upload Ping Identity Metadata to Empuls
Once the application is created in Ping Identity, you must provide the IdP metadata back to Empuls to complete the trust relationship.
In the Ping Identity console, go to the Configuration tab of your new Empuls app.
Find the IDP Metadata URL or the Download Metadata button.
Download the IdP Metadata XML file to your computer.
Return to your Empuls browser tab (User Authentication page).
Scroll to the Identity Provider metadata section (Step 3 on the Empuls screen).
Upload the Ping Identity XML file you just downloaded.
Alternative: If Empuls asks for a URL, paste the Metadata URL from Ping Identity.
D: Test the Connection
After uploading the metadata, click Save in Empuls if prompted.
Click on the Test Connection button at the bottom of the Empuls User Authentication page.
A pop-up window will appear redirecting you to the Ping Identity login page.
Note: Ensure your browser pop-up blocker is disabled.
Enter your Ping Identity credentials.
If successful, you will be redirected back to Empuls with a "Connection Successful" message.
Troubleshooting
Pop-up Blocked: If the test window does not open, check your browser address bar for a pop-up blocker notification and allow pop-ups for Empuls.
User Not Found: Ensure the email address you are testing with exists in both Ping Identity and Empuls.
Invalid SAML Response: Verify that the NameID format in Ping Identity is mapped correctly to the user's email address.
For feedback or questions please reach out to us at [email protected]