Configure Tenfold to use Ping Identity as an identity provider

Configuring SSO Using PingOne for Tenfold

To set up SSO with PingOne as the Identity Provider for Tenfold, follow these steps:

1. Configure Identity Repository (if not already completed):
   • In PingOne Setup, configure your Identity Repository. Note: If you're creating a PingOne Directory, add users to the directory and set their default password as needed.
2. Log in to PingOne:
   • Log in to PingOne as a user with administrator privileges.
   • Navigate to Applications > My Applications.
3. Create a New SAML Application:
   • Click Add Application and select New SAML Application.
4. Enter Application Details:
   • On the Application Details page, fill in the required fields:
     • Application Name
     • Application Description
     • Category
   • Optionally, upload an application icon (JPEG/JPG or PNG, max size 5 MB) to help users identify the app.
   • Click Continue to Next Step.
5. Configure SAML Settings:
   • On the Application Configuration page, provide the SAML configuration details:
     • ACS URL: https://dashboard.tenfold.com/corporate-login/callback
     • Entity ID: sso.tenfold.com
   • Download PingOne SAML Metadata for future use.
   • Upload Tenfold Metadata: Click Choose File and upload the metadata file provided by Tenfold.
   • Select I have the SAML configuration.
6. Modify SSO Attribute Mapping:
   • Add or modify attribute mappings as needed. Tenfold requires certain attributes for correct user provisioning:
     • Add the following Attribute Statements:
       • firstName → user.firstName
       • lastName → user.lastName Note: These attributes are optional, but failing to set them can result in Tenfold creating users with inconsistent information compared to the connected CRM (e.g., Salesforce). Ensure that email, firstName, and lastName are correctly mapped to avoid issues.
7. Save and Publish Application:
   • After adding or modifying attribute mappings, click Continue to Next Step.
   • Configure group settings as needed, then click Save & Publish.
   • The Review Setup window will be displayed for final confirmation.
8. Configure SSO in Tenfold:
   • Log in to the Tenfold dashboard.
   • Navigate to Feature > Single Sign-On (SSO).
   • Set the domain that users will use when logging in to Tenfold.
   • Upload the metadata XML file generated in step #6.
   • Click Save.
9. Test the Login Flow:
   • Your organization is now ready to use PingOne for authentication with Tenfold.
   • PingOne will handle multi-factor authentication (MFA) as per your settings.
   • A successful test login flow will redirect users to the Tenfold dashboard after using PingOne for SSO.

Troubleshooting

Issue: SSO Fails with Error "SAML_215: Unable to fulfill requested NameID format" during Service Provider (SP) Initiated SSO.

Possible Solution:

1. Log in to PingOne.
2. Navigate to Applications > My Applications.
3. Click on the application you are configuring.
4. Click Edit and select Continue to Next Step twice.
5. (If SAML_SUBJECT attribute does not exist, follow these steps):
   • Click Add new attribute under Attribute Mapping and set:
     • Application Attribute: SAML_SUBJECT
     • Map it to an appropriate attribute (e.g., email).
   • Click Advanced for the SAML_SUBJECT attribute and enter the necessary values.
6. Click Save & Publish and then Finish.

Additional Note for Enterprise Organizations with Multiple Locations:

• For organizations with multiple sites, you may need to assign a unique Entity ID for each tenant.
• To enable this feature in Tenfold:
  • In the Tenfold Dashboard, go to the SSO settings.
  • Enable "Use new Service Provider Entity ID format".
  • Save the changes. This will allow concatenating the Tenant Org ID with the Entity ID (e.g., sso.tenfold.com/org-id).