SAML with PingIdentity

Based on your application type, refer to the appropriate section for SAML with PingIdentity configuration:

Once SAML configuration is ready, you can add user groups to erwin Mart Portal.

Before you configure SAML with PingIdentity, ensure that you have responded to the questionnaire from your Quest Support representative so that they can provide you with the Identifier (Entity ID) and Reply URL (ACS URL) for your erwin Mart Portal instance. If you did not receive the questionnaire, reach out to your Quest Support representative.

To configure SAML with PingIdentity on-cloud for erwin Mart Portal authentication, follow these steps:

  1. Log in to PingIdentity Console.

    Saml Ping Login

  2. Click Administrators to set up your environment.

    Saml Ping Administratorenv

  3. Click Directory > Users > Icon Saml Ping Newuser.

    Saml Ping Addusers

  4. Enter user's information and click Save.

  5. Click Directory > Groups > Icon Saml Ping Newuser.

    Saml Ping Addgroups

  6. Enter Group Name and select Population.

  7. Click Save.

    Saml Ping Groups

  8. Click Icon Saml Ping Editgroups. Then, click Add/Remove Users.

    Saml Ping Addremoveusers

  9. Select the users that you want to add to your group and click Save.

  10. Click Applications > Applications > Icon Saml Ping Newuser.

    Saml Ping Addapp

  11. Enter an Application Name.

  12. Click SAML Application and click Save.

  13. Click Manually Enter and enter the Entity ID and ACS URL provided by the Quest Support team.

  14. Click Save.

    Saml Ping Appcreated

  15. Click Icon Saml Ping Enableuseraccess against your application name to enable user access to your application.

  16. In the list of applications, click your application name.

    Saml Ping Applicationoverview

  17. Click Attribute Mappings > Icon Saml Ping Editattribute > Add.

    Saml Ping Addattributes

  18. Add another attribute and map as shown in the following image.

    Saml Ping Addedattributes

    Similarly, you can add a display name here.

  19. Click Save.
    These attributes are to be shared with the Quest Support team for configuration.

  20. From the Overview tab, copy IDP Metadata URL.

  21. Share the following details with the Quest Support team:

    • Metadata XML URL: The IDP Metadata URL copied in step 20.
    • Group Attribute Name: The value configured in step 18.
    • User Email Attribute Name: The value configured in step 18.
    • User Display Name Attribute Name: The value configured in step 18.

Once the support team authenticates for you, you can move to adding groups in at https://<your_instance>.myerwin.com/MartPortal.

To configure SAML with PingIdentity on-premises for erwin Mart Portal authentication, follow these steps:

  1. Log in to PingIdentity Console.

    Saml Ping Login

  2. Click Administrators to set up your environment.

    Saml Ping Administratorenv

  3. Click Directory > Users > Icon Saml Ping Newuser.

    Saml Ping Addusers

  4. Enter user's information and click Save.

  5. Click Directory > Groups > Icon Saml Ping Newuser.

    Saml Ping Addgroups

  6. Enter Group Name and select Population.

  7. Click Save.

    Saml Ping Groups

  8. Click Icon Saml Ping Editgroups. Then, click Add/Remove Users.

    Saml Ping Addremoveusers

  9. Select the users that you want to add to your group and click Save.

  10. Click Applications > Applications > Icon Saml Ping Newuser.

    Saml Ping Addapp

  11. Enter an Application Name.

  12. Click SAML Application and click Save.

    Saml Ping Importmetadata

  13. Click Import Metadata and select the file that you downloaded (erwin Mart Portal Configuration > Authentication tab > Download SP Metadata) during erwin Mart Portal configuration.

    Saml Ping Metadataconfig

  14. Click Save.

    Saml Ping Appcreated

  15. Click Icon Saml Ping Enableuseraccess against your application name to enable user access to your application.

  16. In the list of applications, click your application name.

    Saml Ping Applicationoverview

  17. Click Attribute Mappings > Icon Saml Ping Editattribute > Add.

    Saml Ping Addattributes

  18. Add another attribute and map as shown in the following image.

    Saml Ping Addedattributes

    Similarly, you can add a display name here.

  19. Click Save.
    These attributes will be used on the erwin Mart Portal Configuration screen.

  20. From the Overview tab, copy IDP Metadata URL.

    Saml Ping Idpmetadataurl

  21. On the erwin Mart Portal Configuration screen, click the Authentication tab, and then and follow these steps:

    1. In the Metadata XML field, paste the copied SAML Metadata URL copied in step 20.

    2. In the Group Attribute Name, User Email Attribute Name, and User Display Name Attribute Name fields, enter the values that are configured in step 18.

      Saml Okta Authentication Martconfig

      The User Email Attribute Name and User Display Name Attribute Name fields are optional.

  22. Click Configure.

Your erwin Mart Portal is now authenticated via PingIdentity.

Adding Groups in erwin Mart Portal

To add your PingIdentity SAML groups to erwin Mart Portal, follow these steps:

  1. Create a CSV file containing the <group_attribute_value> and <group_display_name>.

    You can also use the sample template for groups and replace the sample values with the actual Group Attribute Name and Group Display Name.

    Saml Groupexportcsv

    Saml Groupexportcsvformat

  2. Log in to the erwin Mart Portal as an administrator.

  3. Go to Application Menu > Users.
    The Users page appears.

    Users

  4. Click Add User.
    The Add User page appears.

    Add User

  5. Under User Type, select SAML Group

    Saml Groupuploadusers

  6. Drag and drop the CSV file that you created in step 1.

  7. Under Group name, select the required group.

  8. In the Email Address field, enter your email address.

  9. Click Save.

The group has been added.