This topic describes how to add an external identity provider to your Single Sign‑On for VMware Tanzu Application Service service plan.

Set up SAML

  1. Log in to the SSO Operator Dashboard at https://p-identity.SYSTEM-DOMAIN as a Plan Administrator.

  2. Select your plan and choose Manage Identity Providers from the drop-down menu.

    Screenshot of the Plans pane. In the dropdown menu for the plan PingFederate PCF SSO,
the option Manage Identity Providers is highlighted.

  3. Click New Identity Provider.

    Screenshot of the New Identity Provider Pane.

  4. To create a new identity provider, perform the following steps:

    1. Enter an identity provider name into Identity Provider Name.
    2. (Optional) Enter a description into Identity Provider Description.
    3. Click SAML File Metadata (optional), then click the Upload Identity Provider Metadata button to upload your metadata XML.
    4. (Optional) Under Advanced SAML Settings, click Attribute Mappings to enter the mappings.
  5. Click Create Identity Provider.

  6. Click Resource Permissions.

  7. Click New Permissions Mapping and perform the following steps:

    1. Enter a Group Name.
    2. For Select Permissions, select the permissions that the members of the group from the external identity provider should have access to.
  8. Navigate to the identity provider list.

  9. Click Group Whitelist and enter the group names from the external identity provider to propagate in the ID token when a user authenticates.

check-circle-line exclamation-circle-line close-line
Scroll to top icon