Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Table of Contents

Through the Admin Interface

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 20, 2026
  • 2 minute read
    • MarkLogic Server
    • Version 12.0
    • Documentation

To set up SAML-based authentication and authorization with PingOne through the Admin Interface, follow these steps:

  1. Create your external security object by setting these fields on the External Security configuration page and clicking OK:

    Field

    Setting

    External Security Name

    Enter a descriptive name for this external security object that identifies the external agent.

    EXAMPLE: PingOne-SAML

    Description

    (Optional) Enter a description for this external security object.

    EXAMPLE: PingOne external security object for SAML

    Authentication

    Choose saml from the dropdown.

    [v11.2.0 and up] Setting this field to saml makes the SAML Server fields available.

    Cache Timeout

    Enter a number in seconds after which you want MarkLogic Server to re-authenticate the user with your SAML external agent instead of with the credentials stored in the cache.

    EXAMPLE: 300 (default kept)

    Note:

    Clear the cache by calling either sec.externalSecurityClearCache() or sec:external-security-clear-cache().

    Authorization

    Choose saml from the dropdown.

    SAML Server fields:

    Field

    Description

    SAML Entity ID

    Enter a value that identifies this instance with your external agent.

    EXAMPLE: http://localhost:8010/

    SAML Destination

    Enter the external agent's Single SignOn Service link; that is, the login page.

    EXAMPLE: https://auth.pingone.asia/a58...3c8/saml20/idp/sso

    SAML Issuer

    Enter the external agent's Entity ID link; that is, the login page.

    EXAMPLE: http://localhost:8010/

    SAML IDP Certificate Authority

    Enter the external agent's Signing Certificate.

    EXAMPLE: -----BEGIN CERTIFICATE----- MII...qY= -----END CERTIFICATE-----

    SAML Attribute Name

    Enter the mapped name.

    EXAMPLE: group

  2. Configure your desired app servers to use this external security object by setting these fields on each App Server configuration page and clicking OK:

    Field

    Setting

    Authentication

    Choose saml from the dropdown.

    Internal Security

    Click the false radio button.

    External Securities dropdown

    Choose from the dropdown the External Security Name that you gave to your external security object in the previous step. Choose only one.

    EXAMPLE: PingOne-SAML

  3. Assign the external name to your desired roles by setting this field on each Role configuration page and clicking OK:

    Field

    Setting

    External Name

    Enter the configured group value from your external agent that corresponds to this role.

    EXAMPLE: dh-admin

MarkLogic Server is now set up for SAML-based authentication and authorization with PingOne.

TitleResults for “How to create a CRG?”Also Available inAlert