MicroStrategy ONE

Signing in to PingFederate by Scanning a QR Code

PingFederate® users can log in using their smartphones to scan a QR code displayed on the computer screen. After you integrate the web application with MicroStrategy Identity, the PingFederate login page displays a QR code.

The following steps contain only the information required to configure or use PingFederate with MicroStrategy Identity. The information provided is subject to change. See the appropriate third-party documentation for the latest information.

You own the PingFederate product, version 7.1.4.7.

PingFederate is configured as a service provider. For steps to configure PingFederate as a service provider, see your third-party documentation.

You have administrative privileges for PingFederate.

You have a PingFederate public key for MicroStrategy Identity to use to verify your digital signatures. For steps to create a public key, see your third-party documentation.

To display a custom image on the PingFederate login page, you must create the image to display. Supported image formats are .png, .jpeg, and .jpg files.

If your PingFederate users are populated from an Identity Management (IDM) system such as Microsoft Active Directory or OpenLDAP, it is recommended that you add users to your Identity Network by synchronizing MicroStrategy Identity with the same IDM system as PingFederate. This helps add user information to MicroStrategy Identity and may be easier than adding users manually or by importing a file. For steps, see Synchronizing Users from Microsoft Active Directory or Synchronizing Users from OpenLDAP.

To Register PingFederate with MicroStrategy Identity by Uploading Service Provider Metadata

  1. Download the PingFederate service provider metadata from PingFederate:
  2. In the Metadata Role tab, select I am the Service Provider (SP).
  3. In the Metadata Mode tab, select Select information to include in metadata manually.
  4. In the Protocol tab, select SAML 2.0.
  5. Click Next until you reach the Signing Key tab.
  6. In the Signing Key tab, select a key to use for digital signatures.
  7. Click Next until you reach the Export and Summary page.
  8. From the Export and Summary page, export your PingFederate service provider metadata. Note the location on your computer where the metadata .xml file is saved.
  9. Log into MicroStrategy Identity Manager.
  10. Click Logical Gateways.
  11. Under Web Application Login, click SAML.
  12. You can upload the image to be displayed on your PingFederate login page. Next to the image preview, click Import An Icon. Select an image to display, then click Open.
  13. In the Enter Display Name field, provide a name to display on your PingFederate login page. The name can be up to 30 characters.
  14. If the users in your Identity Network are added from Microsoft Active Directory, you can enable users to sign in to PingFederate by typing their Active Directory user name and password, rather than scanning a QR code. For example, if not all users in your network have access to a smartphone, you can enable users to sign in with their user name and password. To do this, select the Enable user name and password as a login option check box.
  15. To upload the PingFederate metadata:
    1. Select Upload Pre-configured Metadata.
    2. Click Upload Metadata.
    3. Upload the PingFederate metadata .xml file.
  16. Click Next. The metadata file populates the fields on the Configure SAML page.
  17. Click Next. The metadata file populates the fields on the Configure Assertion Consumer Service URL page.
  18. If the SAML request is signed, do the following:
    1. Select the Service Provider Request is Signed check box.
    2. Click Upload Security Certificate.
    3. Upload the certificate (.crt) file that is used to sign the SAML request.
  19. Click Next.
  20. To see an example SAML assertion with your configured settings and attributes, click Preview Template. You can test the SAML assertion in your own environment. When you are finished viewing the SAML assertion, click Close Preview.
  21. Click Next.
  22. To enable PingFederate to work with MicroStrategy Identity, you upload to PingFederate a MicroStrategy Identity provider metadata file that configures the SAML settings for MicroStrategy Identity. Click Download Metadata to download the Identity metadata .xml file. Save the file to a location on your computer so you can upload it to PingFederate.
  23. Click Done.

Next, configure MicroStrategy Identity as an identity provider in PingFederate.

Related Topics

Categorizing MicroStrategy Badge Resources

Integrating a SAML-Enabled Web Application with MicroStrategy Identity