Step by step guide to configure Ping Identity as a SAML Identity Provider within Visma

Follow the steps below to configure Ping Identity as a SAML Identity Provider within Visma. Keep Authentication Settings open in your browser while you access Ping Identity in a new window or tab. You will need to return to the Single Sign-On page to complete the configuration steps.

Prerequisites

Ping Identity account with Admin rights
All of your users under your account in Visma will need a pre-existing account in Ping Identity with exactly the same domain email address.

Configure Visma Single Sign-On app in Ping Identity

On the "Single Sign-On" page go to section 1. Copy the Visma metadata details into Ping Identity.
Log into your Admin panel.
Click Connections from the left side menu.
Add a new application by clicking the plus sign from the left upper corner.
Click Advanced configuration and then click Configure for SAML connection type.
Name your application and click Next.
Select Import From URL option.
While on Configure SAML Connection copy from Authentication Settings section 1.Copy the Visma metadata details into Ping Identity the metadata link.
Paste the link into the IMPORT URL box and click Import.
From the section SIGNING KEY select the option SIGNED RESPONSE.
From section SLO BINDING select for SUBJECT NAMEID FORMAT the option: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
For ASSERTION VALIDITY DURATION insert 60(seconds).
Click Save and Continue.
Use the table from Authentication Settings section 2. Configure claims in Ping Identity to add mappings into the Ping Identity page from left to right for each row.
On the added attributes select the checkbox for Required.
Click Save and Close.
To enable your new application activate the toggle button from the right upper corner.

Configure Visma Single Sign-On to use Ping Identity.

While on your newly created application go to the Configuration tab.
Click Download Metadata.
Upload this Metadata XML file into the section 3.Upload Ping Identity metadata into Visma from Authentication Settings. It contains all your Ping Identity information that Visma needs in order to complete the setup.
Continue with your Advanced configuration and click Save.

Testing Single Sign-On after Visma has made its configuration

To make sure SSO is working, perform this step:

To test SSO access go to your Visma MyDomain e.g. https://example.my.connect.visma.com directly, and then click the Sign in with Ping Identity button.