With PingOne

You can set up MarkLogic Server to use the vendor PingOne as your SAML external agent.

To set up PingOne to properly interface with MarkLogic Server, follow these steps while noting the information that you will need later as you go along:

1. Decide on or identify your application’s Assertion Consumer Service (ACS) URL. Example: https://localhost:8010/. This URL will be the root of all requests that will require authentication and will be used for external security object configuration.

2. Start a PingOne trial or purchase PingOne.

3. Add a User record to your Directory. Example: test-user@acme.local. See Adding a user.

4. Add a Group record to your Directory. Example: dh-admin. See Creating a group.

   • Note this value. You will use it as an external name during role configuration.

5. Add the User created in Step 3 to the Group created in Step 4. See Managing group membership.

6. Create a SAML application. See Adding an application.

   • Use the value from Step 1 for both ACS URL and Entity ID.

7. On the application's configuration page,

   • Download the Signing Certificate for external security object configuration.
   • Note the Single SignOn Service link for external security object configuration. Example: https://auth.pingone.asia/a58...3c8/saml20/idp/sso.
   • Add PingOne's Group Names as your application's group attribute. You may add more than one attribute, but only Group Names is required right now.

   See Editing an application - SAML.

Your PingOne Server is now set up to integrate with MarkLogic Server, and you have the information that you need to configure MarkLogic Server external security.

This table shows how the elements that you noted from the PingOne server map to fields on the MarkLogic Server External Security configuration page. It also includes the values used in the example setup:

You can now set up MarkLogic Server integration through one of the methods described in this section.