# Setup in SonarQube Server This is the second step of SAML authentication setup with Ping Identity. For an overview of the complete setup, see [introduction](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/ping-identity/introduction "mention"). Proceed as follows: 1. Go to **Administration > Configuration > General Settings > Authentication> SAML**. 2. Select **Create Configuration**.

Select the Create Configuration button to create a new SonarQube configuration for SAML

3. Fill in the fields as explained in the table below. * Some fields must be filled with the values set in the application created in PingOne (or PingFederate) during the setup in Ping Identity (see [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention")). To retrieve these values, retrieve the application in PingOne as follows: go to **Applications > Applications** and open the application’s detail page. * Some fields must be filled with values retrieved from the metadata file downloaded in **Step 2** of [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention").

Field in in SonarQube	Description
Application ID	In the application’s Configuration tab: Entity ID.
Provider ID	Is retrieved from the downloaded metadata file. See below.
Provider Name	Name of the Identity Provider displayed in in SonarQube login page when SAML authentication is active.
SAML Login URL	Is retrieved from the downloaded metadata file. See below.
Identity provider certificate	Is retrieved from the downloaded metadata file. See below.
SAML user login attribute	`login`
SAML user name attribute	`name`
SAML user email attribute	`email`
SAML group attribute	`group_names`

Retrieving values from the downloaded metadata file

1. Open the metadata file (`saml2-metadata-idp-.xml`) you downloaded in **Step 2** of [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention"). This file contains your X.509 certificate. 2. Find the ` Find the <md:EntityDescriptor... node in Ping Identity's metadata file

Find the <md:EntityDescriptor... node in Ping Identity's metadata file

3. Find the first instance of ` Find the first instance of <md:SingleSignOnService... node in Ping Identity's metadata file

4. Find the `` node. Set its contents as the in SonarQube Server’s **Identity provider certificate**. Note that end-of-line spaces and new line characters are fine, it does not need to be all on one line of text.

Find the <ds:X509Certificate> node in the Ping Identity's metadata file

4. Save the configuration. 5. Before enabling SAML authentication on in SonarQube Server, you can verify that the configuration is correct by selecting **Test Configuration**. This will initiate a SAML login and return useful information about the SAML response obtained from the identity provider. 6. Select **Enable configuration**. 7. Check that the SonarQube Server login form now contains a SAML login button. The text highlighed in the figure below can be configured through the **Provider Name** field of the SAML configuration in SonarQube Server.

SonarQube Server login form with login button for SAML

## Related pages * [overview](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/overview "mention") * [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention") * [optional-security-features](https://docs.sonarsource.com/sonarqube-server/instance-administration/authentication/saml/ping-identity/optional-security-features "mention")