The Evident platform leverages PingOne as our identity bridge to your Identity Provider (IdP) for SSO integrations. This allows the Evident Service to authenticate your SSO credentials against Evident's user list and keep your data secure.

Download our PingOne metadata packet and then generate a corresponding SAML 2.0 metadata.xml file.

You need the following information to integrate with the Evident Service using PingOne:

Assertion Consumer Service (ACS) URL.

The URL used by PingOne to receive the AuthnResponse from the IdP indicating whether a user has been successfully authenticated for single sign-on.

https://sso.connect.pingidentity.com/sso/sp/ACS.saml2

PingOne Entity ID / Audience URI

A globally unique name identifying PingOne as a SAML entity. If you use more than one SSO/SAML vendor, please contact us so that you are set up with unique URIs for each vendor.

PingConnect

TargetResource / Default Relay State

To do IdP-initiated SSO, the IdP needs to provide a TargetResource value for the single connection.

https://pingone.com/1.0/a004e86a-202c-46e7-96e7-39d1ca13f453

Verification Certificate

If your IdP doesn’t support uploading the PingOne metadata, you can use this certificate independently.

pingone-signing-05-03-2020.crt

Name ID Format

PingConnect

Application Username

Email

Once you have your Metadata packet configured, please send it to us via the Palo Alto Support Network. This packet must be contained in a SAML 2.0 metadata.xml similar to ours. We need the following information from you:

Entity ID

Uniquely identifies the your IdP to PingOne. This identifier is used in the SAML assertion sent to PingOne by the IdP.

SSO Endpoint

Your endpoint URL IdP to which PingOne sends SAML AuthnRequests.

Verification Certificate

Your IdP public signing certificate used to sign SAML assertions.