# SSO with PingOne

## Vectra Fusion configuration <a href="#vectra-fusion-configuration" id="vectra-fusion-configuration"></a>

Vectra’s SAML and your Identity Provider settings need to be configured in parallel. To start, log in to your Vectra account as an administrator.

1. Navigate to **Settings > SSO** and enable **SAML Single Sign-on**.
2. Make a copy of the **Assertion consumer service (ACS) URL** in the **SAML Single Sign-On Settings** page that appears. This will be needed as input into **PingOne** later.

## PingOne Walkthrough <a href="#pingone-walkthrough" id="pingone-walkthrough"></a>

1. Navigate to **Directory > Populations**.

![](/files/TTBwYerWb6CI6CN5dQTz)

### Create a new Population. <a href="#create-a-new-population" id="create-a-new-population"></a>

2. Create a population for each role you want your users to use. The example image below creates a population for administrators. In this example, the Population Name is **Neto\_admin**.

![](/files/KQuWTMK7AQffI0zZwWYr)

3. Click **Save**.\
   PingOne will display auto-created information for the new Population.\
   Make note of the **Population ID**. This value will be used later when configuring the attribute mappings in the Vectra Fusion Portal.

![](/files/g2JyuDZIlSWLgWu7VgD1)

4. \[Optional] Repeat this process for additional roles, such as readonly.

### Create a new SAML v2.0 application. <a href="#create-a-new-saml-v20-application" id="create-a-new-saml-v20-application"></a>

5. Navigate to **Applications > Applications** and click the plus icon button to add a.

![](/files/lg2nrsNSN18m7rmNApKP)

6. Name this application **Vectra** and choose **SAML Application** as the **Application Type**.

![](/files/rl1yDqHc0Sdd3FCAOFWu)

7. Click **Configure**.
8. Select / Enter the following details:
   1. Metadata: Manually Enter
   2. ACS URLs: `https://idm.netography.com/auth/realms/netography/broker/<shortname>/endpoint`
   3. Entity ID: `https://idm.netography.com/auth/realms/netography`

![](/files/SzZyYJeSdLVDrRtDPCTY)

9. Click **Save**.
10. Click the **Attribute Mappings** tab.
11. Click the **edit icon**.

![](/files/ddy1FKjBsaaG9FMJOzXI)

Fill out the attribute mappers. These will be used to populate the user information in Vectra. Of particular importance is the "group" mapping, which will link to the population (role) created above. The following fields can be used:

* saml\_subject - User ID (required - do not change)
* email - Email Address (required)
* firstName - Given Name (required)
* lastName - Family Name (required)
* nickname - Nickname (optional)
* phoneNumber - Primary Phone (optional)
* jobTitle - Title (optional)
* pictureUrl - Photos Link (optional)
* group - Population ID (required)

![](/files/O2b8iglIsEGgzqtNOB7r)

12. Click **Save**.
13. Obtain the XML Metadata file. Click the **Overview** tab, then **Download Metadata**.

![](../../../.gitbook/assets/bc5a53780125972c150dd986928a67c71d5348bb66084e24a0f5524af48d74fb.png)

14. Finally, click the toggle switch to enable the SAML Application.

![](/files/9knqeqa2qXqv1pOLEuIO)

🚧 Do not forget to assign users to your new Populations.

## Vectra Fusion post-configuration <a href="#vectra-fusion-post-configuration" id="vectra-fusion-post-configuration"></a>

1. Return to the Vectra portal, navigate to **SSO > SAML Single Sign-on**, and upload the metadata file into the **Metadata File** field.

![](/files/lQUk2imS7h7ZYZPi0Zpu)

2. Click **Next**.
3. Now configure the **User attribute mappers** to match the mapper values configured in PingOne above:

![](/files/JuVoeGDuQiQX5KoR4cpN)

4. Click **Next**.
5. Configure the Default user role and role mappers:
   1. Default user role: This is the role an IDM-authenticated user will default to if the role mappings are not found in the SAML exchange. For security purposes, we recommend setting this value to "readonly", but you may want to set this to "admin" as you are testing your configuration.
   2. Admin role mappers: Configure these according to the screenshot below. The SAML Attribute Value will be your specific Population ID.

![](/files/2hu60OsVqJkm4f8mthSv)

6. Click the **Save** button.

Done! Now your users can log in directly via your identity provider using a new account-specific login URL. The new SSO Login URL can now be found under the **Essentials** settings in the **SAML Single Sign-On Settings** page.

![](/files/Uq888iGCXq2HVUbau3j9)

🚧 The default login will still work for your account administrator, which is not bound to your IDM.
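
The role-mapping behaviour described in step 5, modelled as an added example (not Vectra's or PingOne's code): it parses a constructed SAML AttributeStatement, reports required mappings that are missing, and shows how an unmapped Population ID falls through to the default role. The function names, the placeholder Population IDs, and the assumption that the role mapper matches on the `group` attribute are illustrative.

```python
import xml.etree.ElementTree as ET
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Attribute names marked "required" in the PingOne mapping list on this page.
REQUIRED = ("email", "firstName", "lastName", "group")

def build_statement(attrs):
    """Build a constructed AttributeStatement for offline testing."""
    root = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, value in attrs.items():
        attr = ET.SubElement(root, f"{{{SAML_NS}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")

def parse_attributes(statement_xml):
    """Return {attribute name: [values]} from an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    out = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def missing_required(attrs):
    """Required mappings that are absent or empty in the assertion."""
    return [n for n in REQUIRED if not any(v.strip() for v in attrs.get(n, []))]

def resolve_role(attrs, role_mappers, default_role):
    """Map the 'group' value (Population ID) to a role, else use the default."""
    for value in attrs.get("group", []):
        if value in role_mappers:
            return role_mappers[value]
    return default_role

# Placeholder Population IDs (constructed, not real PingOne values).
ADMIN_POP, OTHER_POP = "00000000-0000-0000-0000-0000000000a1", "00000000-0000-0000-0000-0000000000b2"
MAPPERS = {ADMIN_POP: "admin"}  # assumed shape of the admin role mapper

def demo():
    base = {"email": "a@example.com", "firstName": "A", "lastName": "User"}
    admin = parse_attributes(build_statement({**base, "group": ADMIN_POP}))
    other = parse_attributes(build_statement({**base, "group": OTHER_POP}))
    return {
        "admin_user": resolve_role(admin, MAPPERS, "readonly"),
        "unmapped_default_readonly": resolve_role(other, MAPPERS, "readonly"),
        "unmapped_default_admin": resolve_role(other, MAPPERS, "admin"),
        "missing_in_nogroup": missing_required(parse_attributes(build_statement(base))),
    }

print(demo())
```

With the default role set to "admin", the user from the unmapped population resolves to admin, which is why the page recommends "readonly" as the default.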

