Configuring a PingID IAM integration with Immuta

Issue

The user was unable to set up a PingID IAM integration with Immuta and had questions about which Issuer and Entry Point should be used.

Cause

An incorrect Entry Point was being used.

Resolution

We tried a few combinations of the Issuer and Entry Point but ultimately settled on the following options:

Issuer: https://<company_name>.hosted.immutacloud.com

Entry Point: https://idp.myid.<company_name>.com/idp/SSO.saml2 (The SP-initiated SSO URL in PingID)

When attempting a Test User login, we saw the following error:

SAML provider returned Requester error: Cannot provided requested name identifier with format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the given subject

This is an issue on the PingID side where a required name identifier doesn't exist. The user used the following article to address this error:

https://support.pingidentity.com/s/article/Cannot-provide-requested-name-identifier-with-format-for-the-given-subject
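To confirm from a captured AuthnRequest/Response pair that a failed Test User login is this name identifier problem and not an Issuer or Entry Point mismatch, the status can be read straight out of the SAML Response. The following is an added example, not part of the original article and not Immuta or PingID code; the XML messages are constructed samples, idp.example.test is a placeholder host, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Constructed sample messages (placeholder IDs and host, not captured traffic).
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-request" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://idp.example.test/idp/SSO.saml2">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>"""

FAILED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-response" InResponseTo="_constructed-request" Version="2.0"
    IssueInstant="2024-01-01T00:00:01Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
    <samlp:StatusMessage>Cannot provided requested name identifier with format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the given subject</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""


def requested_nameid_format(authn_request_xml):
    """Return the NameIDPolicy Format the SP asked for, or None if unset."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return policy.get("Format") if policy is not None else None


def diagnose(authn_request_xml, response_xml):
    """Summarise a SAML Response status and flag NameID format failures."""
    wanted = requested_nameid_format(authn_request_xml)
    status = ET.fromstring(response_xml).find("samlp:Status", NS)
    if status is None:
        raise ValueError("Response has no samlp:Status element")
    top = status.find("samlp:StatusCode", NS)
    sub = top.find("samlp:StatusCode", NS) if top is not None else None  # optional second-level code
    message = (status.findtext("samlp:StatusMessage", "", NS) or "").strip()
    codes = [c.get("Value", "").replace(STATUS_PREFIX, "") for c in (top, sub) if c is not None]
    failed = bool(codes) and codes[0] != "Success"
    # NameID problem: explicit InvalidNameIDPolicy, or the IdP names the requested format.
    nameid_problem = failed and ("InvalidNameIDPolicy" in codes
                                 or (wanted is not None and wanted in message))
    return {"codes": codes, "requested_format": wanted,
            "message": message, "nameid_problem": nameid_problem}


if __name__ == "__main__":
    print(diagnose(AUTHN_REQUEST, FAILED_RESPONSE))
```

A result with `nameid_problem` set to true means the request reached the IdP and the fix belongs in the IdP's name identifier configuration, as the linked article describes, rather than in the Issuer or Entry Point values.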
