[Legacy] Ping Federate

This guide is for an older version of Kantega SSO Enterprise and is no longer maintained. New guides are here: https://kantega-sso.atlassian.net/l/c/rNTaTonz .

In Kantega Single Sign-on, add a new identity provider and select "Ping Federate" from the dropdown.

In the Prepare step, copy the Metadata URL if your Atlassian server is available to Ping Federate, or download the file if it's not.

Open the Ping Federate admin console in a separate browser tab. Press Create New in IdpConfiguration.

Select Connection Template: Browser SSO Profiles PROTOCOL SAML 2.0. Press Next.

Select Browser SSO. Press Next.

Select the desired metadata import option. Press Next.

Review the metadata summary. Press Next.

Under General Info:

  • Fill in the following fields (if not already imported from the metadata):

    • Entity ID (copy from KSSO prepare step)

    • Connection Name 

    • Base URL

  • Press Next

Select Configure Browser SSO. Press Next.

Select whether you want IDP-initiated SSO, SP-Initiated SSO, or both. Press Next.

Accept the default assertion lifetime. Press Next.

Select "Configure Assertion Creation".

Select Standard Identity Mapping. Press Next.

Configure Attribute Contract. This step may be skipped if you don't intend to use Just-in-time provisioning to create user accounts when users log into the Atlassian application.

"Extend the contract" with the additional fields from the table below.

Extend the contract    Attribute Name Format
email                  urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
givenName              urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
surname                urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified

Press Next.

Authentication Source Mapping. Select Map New Adapter Instance.

Adapter Instance:

  • Choose your preferred Adapter Instance

  • In this example, we create: PingOne HTML Form Adapter

Press Next.


Mapping Method:

Select Use Only The Adapter Contract Values In The SAML Assertion. Press Next.

Attribute Contract Fulfillment:

  • Select the values for SAML_SUBJECT, email, givenName, and surname

Press Next.

Issuance Criteria:

  • Optionally add Issuance Criteria

Press Next.

IDP Adapter Mapping Summary:

  • Review the Summary

Press Done.

Assertion Creation

  • You have now completed Map New Adapter Instance

  • Select Map New Authentication Policy

Authentication Policy Contract

  • Choose an already existing Authentication Policy Contract or press Manage Authentication Policy Contracts.

  • In this example, we create a new policy contract 

Manage Contracts

  • Select Create New Contract

Contract Info

  • Give the contract a name

  • Press Next

Contract Attributes

Extend the contract with the following attributes:

  • email

  • givenName

  • surname

  • userPrincipalName

After adding the attributes, press Next.

Authentication Policy Contract Summary

  • Review the Summary

  • Press Done

Authentication Policy Contracts

  • You have now added a new Authentication Policy Contract

  • Press Save

Selecting an Authentication Policy Contract

  • Select the desired Authentication Policy Contract

  • Press Next

Mapping Method

  • Select Use Only The Authentication Policy Contract Values In The SAML Assertion

  • Press Next



Attribute Contract Fulfillment

  • Map the Attribute Contract Attribute to the corresponding Value

  • Press Next

Issuance Criteria

  • Optionally add Issuance Criteria

  • Press Next

Authentication Policy Mapping Summary

  • Review the Summary

  • Press Done

Authentication Source Mapping 

  • You have now completed 

    • Map New Adapter Instance

    • Map New Authentication Policy

  • Press Next

Assertion Creation Summary

  • Review the Summary

  • Press Done

Assertion Creation

  • You have now completed the Assertion Creation

  • Press Next

Protocol Settings

  • Press Configure Protocol Settings

Assertion Consumer Service URL

  • The Endpoint URL should be automatically filled from the metadata 

  • When not using metadata, add the ACS URL from the Prepare step in Kantega Single Sign-on

  • Note that in this example, we use a URL relative to the Base URL configured in General Info

  • Press Next

Allowable SAML Bindings

  • Set Redirect as the Allowable SAML Binding

  • Press Next

Signature Policy

  • You can choose to have the assertion signed or not

  • Press Next

Encryption Policy

  • Select whether you want the assertion encrypted as well 

  • This guide does not cover encrypted assertions

  • Press Next

Protocol Settings Summary

  • Review the Summary

  • Press Done

Protocol Settings

  • You have now completed the Protocol Settings

  • Press Next, then Done

Browser SSO

  • You have now completed the Browser Configuration

  • Press Next

Credentials

  • Select Configure Credentials

Digital Signature Settings

  • Select an already existing certificate or create a new one

  • If you are making a new certificate, press Manage Certificates

Manage Digital Signing Certificates

  • Press Create New

Create Certificate

  • Fill the required fields 

  • Choose how long the certificate should be valid

  • Press Done

Create Certificate Summary

  • Review the Summary

  • Press Done

Manage Digital Signing Certificates

  • Make sure the desired certificate is active

  • Press Save

Digital Signature Settings

  • Select Include The Certificate In The Signature <Keyinfo> Element

  • Press Done

Credentials

  • You have now completed Credentials

  • Press Next

Activation and Summary

  • Select Connection Status: Active

  • Press Save

Metadata Export

  • Navigate to Server Configuration

  • Metadata Export


Metadata Mode

  • Select Use A connection For Metadata Generation

  • Press Next

Connection Metadata

  • Select the connection

  • Press Next

Metadata Signing

  • Select the signing certificate

  • Check Include This Certificate's Public Key In The Certificate <Keyinfo> Element.

  • Press Next

Export & Summary

  • Export the metadata (Press Export)

  • Press Done
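
Before importing the exported file into Kantega Single Sign-on, it can be checked for the two things the import relies on: a signing certificate in KeyInfo and an SSO endpoint with the Redirect binding. The script below is an added example, not part of the original guide or of either product; the sample metadata, entity ID, URL and certificate bytes in it are constructed placeholders, and the https check is an extra check added here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: entity ID, URL and certificate bytes are placeholders,
# not values from a real Ping Federate export.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example.test/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Return entity ID, signing-cert SHA-256 fingerprints, Redirect SSO URLs, problems."""
    root = ET.fromstring(xml_text)
    # The export may be a single EntityDescriptor or wrapped in EntitiesDescriptor.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        idp = entity.find(f"{{{MD}}}IDPSSODescriptor")
        if idp is not None:
            break
    else:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    fingerprints = []
    for key in idp.findall(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute applies to signing too.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    urls = [s.get("Location", "") for s in idp.findall(f"{{{MD}}}SingleSignOnService")
            if s.get("Binding") == REDIRECT]
    problems = []
    if not fingerprints:
        problems.append("no signing certificate in KeyInfo")
    if not urls:
        problems.append("no SingleSignOnService with the HTTP-Redirect binding")
    problems += [f"SSO URL is not https: {u}" for u in urls if not u.startswith("https://")]
    return {"entity_id": entity.get("entityID"), "fingerprints": fingerprints,
            "redirect_sso_urls": urls, "problems": problems}
```

Run it on the text of the exported file and compare the reported fingerprint with the signing certificate you activated, so the certificate shown in the Signature step of the Kantega wizard is the one you expect.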

Configuring Kantega Single Sign-on

Finally, go back to the Kantega SSO tab. Still on the Prepare step, press Next.

Metadata import

  • Select the exported metadata from Ping Federate

  • Press Next

Location

  • Give the IDP a proper name

  • The SSO redirect URL is imported from the metadata

Signature

  • Review the imported signing certificate (This step is purely informational)

  • Press Next

Users

  • Select whether users already exist or if you wish to have users automatically created upon login

  • Optionally assign a default group for new users.

You should now be able to test SAML login through Ping Federate.