1. Award Force Help Centre
  2. Getting started
  3. API and integrations

Configuring SAML with Ping Identity

Alex Bon Ami
Updated

These instructions explain how to configure your Award Force account for SAML single sign-on (SSO) using Ping Identity as the identity provider. You’ll need an active Ping Identity account as well as an Award Force account.

Step 1: create a new application in Ping Identity

  1. Log in to your Ping Identity account
  2. In the main menu, go to Applications > Applications
  3. Click the + icon at the top to create a new application
  4. Enter a Name for the application
  5. Select SAML Application from the list of application types, then click Save

Step 2: enter application metadata

  1. Select Manually enter for the application metadata
  2. Complete the input fields as follows, replacing {YOUR AWARD FORCE URL} with your program’s Award Force URL:
    • ACS URLs: https://{YOUR AWARD FORCE URL}/saml/callback
    • Entity ID: https://{YOUR AWARD FORCE URL}/saml/metadata
      Add application ACS URLs and Entity ID example
  3. Click Save

Step 3: copy SSO details to Award Force

In the 'Overview' section of Ping Identity, download the certificate and locate the Issuer and Single sign-on URL values. You’ll need these for Award Force.

  1. Log in to Award Force
  2. In the Manage workspace, go to Settings > Users > Registration
  3. Copy the following details from Ping Identity into the corresponding fields in Award Force:
    • Issuer
    • SSO service URL
    • Certificate

Step 4: configure NameID settings

  1. Return to Ping Identity:
  2. Go to Configuration and click the edit icon.
  3. Under Subject NameID format, select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    Format persistent option in Subject NameID Format drop-down
  4. Select the persistent NameID option
  5. Click Save

Step 5: add attribute mappings

  1. In Ping Identity, go to Attribute mappings
  2. Add the following mappings exactly as shown:
Attribute name Mapped to
email Email address
firstName Given name
lastName Family name

The attribute names—email, firstName, and lastName—must match exactly, including capitalisation. These values are sent to Award Force to validate each user’s identity.

Step 6: enable the application

Finally, switch the toggle on in Ping Identity to enable your SAML application.

Good to know

  • Only one SAML SSO provider can be active in Award Force at a time.
  • Ensure that your certificate in Award Force remains current—expired certificates will prevent user authentication.
  • Test your SSO setup with a single user before rolling it out to all users.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more