Chariot Single Sign-On (SSO) with PingID

Chariot supports Single Sign-On through PingID integration. This guide will walk you through the setup process, which involves verifying your domain ownership, creating a PingOne OIDC application, and configuring the integration in Chariot. You'll need three key pieces of information to complete the setup: 

  • Client ID 
  • Client Secret 
  • Issuer URL

Domain Verification

The first step is to verify ownership of your domain by adding a DNS TXT record. Open your domain's DNS settings or management interface, where you'll add the TXT record. The record should follow the format "chariot=<email>", where <email> is your primary Chariot account email address. You can find your primary email on the Users page.

In your DNS management interface, set the TXT record for your root domain. For example, if your domain is YourDomain.com and your record is set at the root level (@), you would add a TXT record with the value "chariot=YourPrimaryEmail@email.com". Within the Chariot setup pop-up, you can copy and paste this value.

Once set, your DNS TXT record might look something like this:

YourDomain.com    Record type    Value
@                 TXT            "chariot=YourPrimaryEmail@email.com"

To verify that your record has been published, you can run the command dig +short TXT YourDomain.com if on a Mac or nslookup -type=TXT YourDomain.com if using Windows, and look for your record in the output.
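The same check can be scripted, which also helps when the record has to be reinstated before an SSO configuration change. The following is an added example, not part of Chariot or its tooling: the function name check_chariot_txt, its return codes, the sample output and the exact-match comparison of the email are all assumptions made for illustration, and it parses dig +short output only.

```shell
#!/bin/sh
# Added example (not Chariot tooling). Reads `dig +short TXT <domain>` output on
# stdin and looks for the ownership record chariot=<email>.
# Hypothetical return codes chosen for this example:
#   0 = record present with the expected email
#   1 = no chariot= record found (not added yet, or not yet propagated)
#   2 = a chariot= record exists but carries a different value
# Assumption: the email is compared as an exact, case-sensitive string.
check_chariot_txt() {
    expected="chariot=$1"
    status=1
    # `|| [ -n "$line" ]` keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # dig prints each TXT record as one or more quoted strings. Join the
        # chunks of a split record, then strip the outer quotes.
        value=$(printf '%s' "$line" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//')
        case "$value" in
            "$expected") return 0 ;;   # exact match: verification should succeed
            chariot=*)   status=2 ;;   # stale or mistyped record, keep scanning
        esac
    done
    return "$status"
}

# Constructed sample of `dig +short TXT YourDomain.com` output: an unrelated SPF
# record next to the ownership record, as is typical for a root domain.
SAMPLE_DIG_OUTPUT='"v=spf1 include:_spf.example.net ~all"
"chariot=YourPrimaryEmail@email.com"'

# Offline demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_DIG_OUTPUT" \
    | check_chariot_txt YourPrimaryEmail@email.com \
    && echo "TXT record published with the expected value"

# Live use (requires network access):
#   dig +short TXT YourDomain.com | check_chariot_txt YourPrimaryEmail@email.com
```

A return code of 2 usually points to a record left over from a previous setup or a typo in the email, which is worth fixing before retrying verification in Chariot.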

Creating and Configuring the PingOne OIDC Application

Steps

  1. Sign on to your PingOne for Enterprise tenant.

  2. Go to Applications.

  3. Click the blue icon next to Applications.

  4. Type the Application Name and Description.

  5. Choose OIDC Web App.

  6. Click Save.

  7. Click the toggle at the top right to save and enable the Application.

  8. Copy the Client ID, Client Secret, and the Issuer ID URL for later use in Chariot.

 

Chariot Integration Configuration

To complete the integration, log into Chariot with your existing credentials. Click Settings in the bottom-left menu, then open the Account Settings tab. Look for the "Setup Single Sign-On" button.

Provide the following information:

The domain field is your email domain (for example, "praetorian.com," if your email is "john.doe@praetorian.com"). The Client ID and the Client Secret are the values copied during the PingOne Application setup process. For the Issuer URL, use the formatted URL containing your tenant ID as described above.

Managing Access Permissions

Access to your Chariot account will be granted to users based on the access group specified in your PingID tenant. 

Once the setup is complete, users can access Chariot through the Sign in with SSO portal on the login page.

It's worth noting that while you can remove the DNS TXT record after completing the SSO setup, you'll need to temporarily reinstate it if you make any changes to the SSO configuration, such as rotating secrets.

Should you encounter any difficulties during this process or need assistance, don't hesitate to reach out to support@praetorian.com for help. Our support team is ready to assist you in ensuring a smooth integration between PingID and Chariot.