How to setup Ping Identity SSO in Wellness360.

Step I. Creating the Application in Ping Identity.

1. Log in to Ping Identity:

   • Ensure you have Administrator permissions.
   • From the main menu, select Applications > Applications.

2. Create a New Application:

• On the Applications page, click the + (plus) sign.
• Enter the application name and description (e.g., we used Wellness360 but it should be your company name).
• Select SAML Application.
• Click Configure once the SAML Application option appears.
  

3. Configure SAML Application:

• From the SAML Configuration, select Manually Enter.
• Enter the ACS URLs as required.
• Entity ID: Must be unique. You can use your company name or a preferred identifier. (Note: You will use the same Entity ID in the Wellness360 Admin portal SSO settings.)
• Click Save.
  

Step II. Configure Ping Identity SSO Settings for Wellness360

1. Access the Wellness360 Application:

   • From the Applications page, select Wellness360.
   • Turn on the toggle next to your app name to enable it.

2. Configure Attribute Mappings:

• Go to the Attribute Mappings tab and click the pencil icon to edit.
• Add the following attributes:
  • saml_subject: Select Email Address from the PingOne Mappings dropdown.
  • firstName: Enter firstName and choose Given Name from the dropdown.
  • lastName: Enter lastName and choose Family Name from the dropdown.
  • email: Enter email and choose Email Address from the dropdown.
  • username: Enter username and choose Username from the dropdown.
• Click Save after adding all attributes.

3. Download Metadata:

• Go to the Configuration tab under Connection Details.
• Click Download Metadata.
• Copy the Issuer ID, and Entity ID, and save these for use later in the Wellness360 Admin portal.

Step III. Provide Access to an Existing Group or Add New Users in Ping Identity

I. If the Group Already Exists:

1. Go to the Access tab in the application’s configuration settings.
2. Click the Pencil Icon in the top-right corner to edit.
3. Select the Group:
   • From the list of available groups, select the group you want to provide access to.
   • Use the search bar to find the group quickly.
4. Save Changes:
   • Click Save to confirm the changes.
     

II. If Users Are Not Yet Created in Ping Identity:

1. Go to Directory > Users.
2. Click + Add User and enter the required details:
   • First Name
   • Last Name
   • Email Address (used as the username)
   • Temporary Password (or use auto-generated password if available)
   • Assign the user to the appropriate group. 
     
     3. Notify Users:
   • Share the login credentials and onboarding instructions with new users. Ensure they complete the MFA setup if required.

Step IV. Add Ping Identity Configuration to the Wellness360 Admin Portal

1. Log in to the Wellness360 Admin Portal:

   • Navigate to the SSO Settings tab on the left menu.

2. Enter Configuration Details:

• Enter the following fields:
  • Entity ID (IDP): This should be the same unique ID or name that you set when creating the app in Ping Identity.
  • Identifier (IDP): This is the Issuer ID from the Ping Identity configuration.
  • SP URL: Enter https://api.livewellness360.com/saml/SSO.
• Upload the Metadata file: Use the .xml file downloaded from Ping Identity.
• Click Update and Save.

3. Test the Integration:

• After saving the changes, navigate to the Wellness360 (Yourcomanyname.livewellness360.com) user portal. 
• Click Login with SSO and log in using Ping Identity credentials.

4. Complete the Initial Setup:

• Upon successful login, you will be redirected to the setup page.
• Enter the required details (Date of Birth, Weight, Height) and click Save.

If you have any questions or would like additional help, please reach out to Wellness360 support for further assistance.