Configure PingOne SAML

SourceClear Software Composition Analysis

About this task

Pro customers can integrate PingOne with SourceClear using SAML.
Note: After you set up SAML for your team, you cannot log in with GitHub authentication.

Procedure

  1. From the Applications tab, click Add Application > New SAML Application.
  2. Customize the name of the application and how it appears to your users.
  3. Enter the following values:
    Setting Value
    Assertion Consumer Service (ACS) https://api.sourceclear.com/saml/SSO
    Entity ID https://api.sourceclear.com/sp
    Application URL https://<orgname>.sourceclear.io
  4. SourceClear recommends that you add the following Application Attributes, but the are not required.
  5. Download the metadata, which you must send as an attachment to suppport@veracode.com.
    Note: Do not copy and paste the metadata contents in your email.
  6. Collect information about the existing SourceClear users in the organization you identified in the previous step.
    You must provide the following information in addition to the organization URL associated with the organization to which you want to add SAML, for example https://<orgname>.sourceclear.com:
    • The corporate email address of each user in the organization
    • If the user is expected to be an Administrator of the organization

      Compile this information in a spreadsheet or table with the following information: Email address, Administrator (yes/no).

  7. Send the information to support@veracode.com.
    Your integration is complete when SourceClear receives the information and updates your account. The Ping page continues to display the following message even after the configuration is complete: SAML 2.0 is not configured until you complete the setup instructions.
  8. Notify all the existing users of the transition.
    Users must confirm that they can log in using the corporate email address they provided. To confirm you can log in, navigate to https://<orgname>.sourceclear.io/saml.