Learn how to configure PingFederate as your identity provider to work with SSO authentication for Firebolt.
https://id.app.firebolt.io/login/callback?connection=<organization_name>-<provider>&organization=<organization_identifier>
For example: https://id.app.firebolt.io/login/callback?connection=acmeorg-pingfederate&organization=org_82u3nzTNQPA8RyoM
<org_name>
represents the Organizational name used to create your Firebolt Account. The org name is referenced in your vanity URL.
<provider>
represents the provider we’re configuring as our IdP.<organization_identifier>
is the unique identifier for your Organization. To retrieve your<organization_identifier>
, you can navigate to Configure > SSO in the Firebolt UI, and Click Copy organization SSO identifier.
urn:auth0:app-firebolt-v2:<organization_name>-<provider>
,
where<organization_name>
is the name of the organization in Firebolt, and<provider>
is the provider value set in Firebolt configuration step
For example:
urn:auth0:app-firebolt-v2:acmeorg-pingfederate
signOnUrl
: The sign-on URL, provided by the SAML identity provider, to which Firebolt sends the SAML requests. The URL is IdP-specific and is determined by the identity provider during configuration.
signoutUrl(optional)
: The sign-out URL, provided by the application owner, to be used when the user signs out of the application. In Pingfederate, you can retrieve this value by copying the Single Logout Service
URL found in Application > Configuration.```
issuer
: A unique value generated by the SAML identity provider specifying the issuer value.
provider
: The provider’s name - for example: PingFederate
.
label
: The label to use for the SSO login button. If not provided, the Provider field value is used.
certificate
: The certificate to verify the communication between the identity provider and Firebolt. The certificate needs to be in PEM or CER format, and can be uploaded from your computer by choosing Import certificate or entered in the text box.
field mapping
: Mapping to your identity provider’s first and last name in key-value pairs. If additional fields are required, choose Add another key-value pair. Mapping is required for Firebolt to fill in the login’s given and last names the first time the user logs in using SSO.
Here’s an example of how to set up field mapping:
given_name
is your first name, and is mapped to the “name” field from the IDP. The family_name
is your last name, and is mapped from the “surname” field.
signOnURL
is the Single Sign On Service URL obtained during PingFederate configuration,issuer
is the name of the issuer, ‘pingfederate’ in this case,provider
is the IdP name, ‘pingfederate’ in this case,label
is the text that will appear on the Sign in form (this defaults to <organization_name>-<provider
if a value is not provided, for instance ‘acme-pingfederate`)certificate
is the X.509 certificate in PEM format downloaded in setup.