# Setup in Ping Identity

This page explains how to register SonarQube in PingOne. The procedure with PingFederate is similar (The properties and values to be configured are the same.). This is the first step of SAML authentication setup with Ping Identity. For an overview of the complete setup, see [introduction](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ping-identity/introduction "mention").

## Step 1: Create the SonarQube SAML application <a href="#create-saml-app" id="create-saml-app"></a>

1\. In PingOne, go to **Applications > Applications**.

2\. Select the **+** icon.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-7a0b8673cedfac76346138e4467c68dd691a75ee%2F52a190678c875b4c6fa6a3b7e5e1ebe20823863a.png?alt=media)

3\. Enter the application name and description.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-55568d970b89a1018d2ab982395f1a2ee4d717b2%2F1604490fe1fb20a17c33ab7a9922917736d682cc.png?alt=media)

4\. In **Choose Application Type**, select **SAML Application**.

5\. Select **Configure**.

6\. Select the **Manually Enter** option and set:

* * **ACS URL** (Assertion Consumer Service): Must be in the format: `<sqServerBaseUrl>/oauth2/callback/saml`

Example: `https://my-sonarqube.com/oauth2/callback/saml`

* * **Entity ID:** Identifier of the SonarQube application in PingOne\
    Example: `sonarqube`

7\. Select **Save**.

## Step 2: Configure the application <a href="#configure-app" id="configure-app"></a>

1\. Go to the **Attribute mappings** tab of the SonarQube application you created in step 1 (To retrieve the application, go to **Applications > Applications** and open the application details page.**)**.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-28f5a3d5a0d6e2a9052397dd5d6d5c6d2b87b5cd%2F1b44e1b4b548489f7b0bdc7f0b8c471dce49f824.png?alt=media)

2\. Select the pencil icon and the **+Add** button to add an attribute mapping: select a PingOne user attribute and map it to an attribute in the application. See the example below.

<details>

<summary>SAML attribute mapping example</summary>

| SAML attribute in the application | PingOne user attribute | Description                                                                                                                                                                               |
| --------------------------------- | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| saml\_subject                     | User ID                | <p><br></p>                                                                                                                                                                               |
| login                             | Family Name            | A unique name to identify the user in SonarQube.                                                                                                                                          |
| name                              | Given Name             | User name.                                                                                                                                                                                |
| email                             | Email Address          | User email address.                                                                                                                                                                       |
| <p><br></p><p>group\_names</p>    | Group Names            | Required only if you use the group synchronization feature (If a matching group is found in SonarQube, the Ping user account’s memberships in that group are synchronized in SonarQube.). |

</details>

3\. Select **Save**.

4\. Go to the **Configuration** tab and select the **Download Metadata** button to download the SAML metadata containing your X.509 certificate.

## Step 3: Enable the application <a href="#enable-app" id="enable-app"></a>

1. In PingOne, retrieve the application: go to **Applications > Applications** and open the application details page.
2. In the top right corner of the application, select the toggle button.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-56930b165883cbe72f366d440abed7c7c823c274%2Fdac4fec60f612b46dc8e9f8bd42886f6c56781ec.png?alt=media)

## Step 4: Assign users and groups to the application <a href="#assing-users" id="assing-users"></a>

1. To create users, go to **Identities > Users** and select **+ Add User**.
2. To create a group:
   * Go to **Identities > Groups.**
   * Select **+** to create and save a group.
   * On the page of the new group, open the **Users** tab, and add users to the group.

## Related pages <a href="#related-pages" id="related-pages"></a>

* [overview](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/overview "mention")
* [setup-in-sq](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ping-identity/setup-in-sq "mention")
* [optional-security-features](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ping-identity/optional-security-features "mention")