support Contact Support | system status System Status

Securing Experiences Using PingOne

In this topic you will learn how to secure experiences using PingOne SSO.

When an experience is secured using SSO, users will be required to authenticate before they can access a Web or Mobile App Experience.

The steps in this topic assumed you have created a PingOne trial account and have confirmed your account through email.

Creating an identity repository

Start by creating an identity repository.

  1. Login to your PingOne account. The Dashboard page will appear.
  2. Click SETUP in the header. The Settings page will open.
  3. Click Connect to an Identity Repository.
  4. Click on PINGONE DIRECTORY and then click Next.
  5. Confirm that the directory has been configured.
  6. Click Next.
  7. For the MAP ATTRIBUTES section, keep the default values and click Finished.
The PingOne Directory page will display the directory statistics.

Creating an application

Next we'll create an application that will be secured using SSO.

  1. Click APPLICATIONS in the header. The My Applications page will open.
  2. Click Add Application.
  3. Select New SAML Application.
  4. Enter an Application Name and Application Description.
  5. Select a Category (recommend Communication).
  6. (Optional) Click Change and browse and select an icon for the application.
  7. Click Continue to Next Step.
  8. On the Application Configuration page, locate the SAML Metadata field.
  9. Click the Download link.
The downloaded file will be needed when creating an Access Control Profile in Brightcove Engage.

Creating an Access Control Profile

You need to create an Access Control Profile that will be used to secure any experiences you want to secure using SSO.

  1. Login to your Brightcove Engage account.
  2. Click Settings in the header.
  3. Click Create Profile.
  4. Give the profile a Name.
  5. Locate the Import SSO metadata section and then click Select File.
  6. Browse and select the SAML metadata file you downloaded from PingOne (in the previous section).
  7. Confirm that values for the SAML 2.0 Endpoint and X.509 Certificate have been filled in.
  8. Click Save and confirm that the profile was created.
  9. Click on the Metadata URL field and save the XML file.

The XML file will be needed to complete the application configuration in PingOne.

Completing the application configuration

  1. Return to the PingOne application.
  2. On the Application Configuration section, locate the Upload Metadata field.
  3. Click Select File and browse and select the file you downloaded after creating the Access Control Profile in Brightcove Engage.
  4. Confirm the Assertion Consumer Service (ACS) and Entity ID fields were filled in with values after the import.
  5. Click Continue to Next Step.
  6. On the SSO Attribute Mapping section, add the following attributes:
    Application Attribute Literal Value
    firstName First Name
    lastName Last Name
    email Email
  7. Click Save and Publish.
  8. Confirm that the application was created.

Mapping the application attributes will cause the following to happen in Brightcove Engage Experiences:

  • For Mobile App Experiences, the user's name and email address will appear on the Profile page
  • For all experiences, the user's email address will appear as part of video analytics

Editing group permissions

The final step is to give all users in PingOne access to the Brightcove Engage application.

  1. Click USERS in the header. The User Groups page will open. Some default groups will have been created.
  2. Click Edit next to the Users@directory group.
  3. Select the application you created so all users will have access to the application.
  4. Click Save.

Assign the Access Control Profile to an experience

The last step is to assign the Access Control Profile that was created to the experience(s) you want to secure.

  1. Return to Brightcove Engage.
  2. Edit the experience you want to secure.
  3. In the left navigation, click ACCESS CONTROL.
  4. Select the Access Control Profile that is associated with the PingOne SSO configuration.
  5. Click Save.
  6. Publish the experience.

When you access the experience, you should be prompted by PingOne to login. The following image is when trying to access a Mobile App Experience.

Page last updated on 23 Apr 2020