Enabling SAML using PingFederate
Applies to: IBM StreamSets as a Service
Step 1. Retrieve IdP Information
In Control Hub, choose PingFederate as your identity provider and then retrieve the IdP information generated for your organization.
Step 2. Create a PingFederate SP Connection
To register IBM StreamSets as a service provider in PingFederate, use the IdP information that you retrieved from Control Hub to create an SP connection in PingFederate.
When you create the SP connection, you specify the PingFederate IdP adapter and credential validator that retrieve and authenticate users against a data store such as LDAP. Any user added to the IdP adapter data store can log in to IBM StreamSets, as long as the user is invited to the Control Hub organization using the data store email address.
These steps provide brief instructions to create an SP connection in PingFederate. For detailed steps, see the PingFederate documentation.
Step 3. Set up a Draft SAML Configuration
In Control Hub, set up the draft SAML configuration for your organization by uploading the metadata XML file downloaded from PingFederate, and then optionally configuring advanced properties. You can also enable or disable SP-initiated logins.
Step 4. Publish and Enable the SAML Configuration
After testing and validating that the draft SAML configuration is set up correctly with PingFederate, publish the configuration to production and then enable the configuration to activate it.