Versions Compared

Old Version 5

changes.mady.by.user Elliot Dooleysmith

Saved on

compared with

New Version 6

changes.mady.by.user Simon Barlow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

PingOne Settings

For this process, you will first need to download the SPMetadata.xml file from ResourceXpress.
This can be found in System Settings under the SSO Setting tab

Open the PingOne admin portal https://admin.pingone.com/web-portal/login and login with the admin user account:

...

From the admin console Dashboard, click the Applications menu to display the My Applications tab:

...

Click Add Application and select New SAML Application to display this form:

...

Complete the Application Details with the Application Name, Application Description and select a Category.

Click Continue to Next Step to display the Application Configuration form:

...

Complete the Application Configuration form:

SAML Metadata. Click Download to download the metadata XML (will be uploaded to RX SaaS application).
Protocol Version. Select SAML v2.0.
Upload Metadata.
Click Select File to upload the SPMetadata.xml file
Assertion Consumer Service (ACS) and Entity ID are auto-populated from the SPMetadata.xml.

Click Continue to Next Step to display the SSO Attribute Mapping form:

...

Complete the SSO Attribute Mapping form:

Application Attribute. Enter 'email'.
Identity Bridge Attribute or Literal Value. Select 'Email'.
Click Save & Publish.

The information in this guide is correct as of 1st September 2021

Table of Contents

Download the ResourceXpress MetaData file

Note

Before downloading the Metadata file ensure you are accessing ResourceXpress via a routable URL. Do not download the file if you are browsing the application from its host server using “localhost”.

If your end-users will be accessing ResourceXpress via a public/external URL ensure you generate the file when browsing this URL not the internal FQDN.

Login to ResourceXpress as an application administrator

Navigate to the SSO Settings tab found on the System Settings page, under the Administration Settings menu header, download the SPMetadata.xml.

...

Keep hold of this file for a later step.

Configure an Application in PingOne

Login to your PingOne admin console using your unique environment URL

In the desired environment navigate to Connections - Applications and click the

...

icon to add a new Application.

...

Under New Application select WEB APP

...

Select Configure for the SAML connection type

...

Under Create App Profile provide an Application Name e.g. RX SaaS and optionally add a description and logo file.

Under Configure SAML select the option Import Metadata then click Choose File. Upload the SPMetaData.xml file obtained in Step 1.

ACS URL’s

The initial ACS URL will be populated automatically when the SPMetaData file is uploaded. This will be in the format https://rxserver.domain.com/SsoConsumer

PingOne also requires some additional ACS URL’s in order to accept the redirects to features such as Kiosk, Maps, and Mobile App use. The below table lists the required ACS URL’s with the expected format.

Table 1.0 - ACS URL’s

Note

The below URL’s are case sensitive and should be added exactly as formatted replacing only the RX URL and the ID number where applicable

Feature

ACS URL Required

Examples

Admin Console

https://<RXurl>/SsoConsumer?r=%2f

https://company.rx-cloud.com/SsoConsumer?r=%2f

Kiosk

https://<RXurl>/SsoConsumer?r=%2fkiosk%2f%3fID%3d1

For a system with 3x Kiosk profiles with ID numbers 1 to 3, the below additional ACS URL’s would be required

  1. https://company.rx-cloud.com/SsoConsumer?r=%2fkiosk%2f%3fID%3d1

  2. https://company.rx-cloud.com/SsoConsumer?r=%2fkiosk%2f%3fID%3d2

  3. https://company.rx-cloud.com/SsoConsumer?r=%2fkiosk%2f%3fID%3d3

Maps

https://<RXurl>/SsoConsumer?r=%2fMaps%2f%3fID%3d1

For a system with 3x Map profiles with ID numbers 1 to 3, the below additional ACS URL’s would be required

  1. https://company.rx-cloud.com/SsoConsumer?r=%2fMaps%2f%3fID%3d1

  2. https://company.rx-cloud.com/SsoConsumer?r=%2fMaps%2f%3fID%3d2

  3. https://company.rx-cloud.com/SsoConsumer?r=%2fMaps%2f%3fID%3d3

Mobile App

https://<RXurl>/SsoConsumer?r=%2f%3fma%3d1

https://company.rx-cloud.com/SsoConsumer?r=%2f%3fma%3d1

The remaining options in the Configure SAML section can be left with the default values.

SAML Attributes

The below shows the required attribute mappings that must be added before enabling SSO in RX.

...

The below table details all available attributes including optional values that can be mapped to user accounts during an SSO event.

To continue with the setup please ensure that the Required attributes are mapped, once verified click Save and Close

Table 1.1 - Attribute Mappings

PingOne User Attribute

Application Attribute

Required or Optional

Given Name

firstname

Required

Family Name

lastname

Required

Email Address

email

Required

RFID

Info

this attribute must first be created and populated in PingOne

rfid

Optional

Access Code

Info

this attribute must first be created and populated in PingOne

accesscode

Optional

RX Default Location

Info

this attribute must first be created and populated in PingOne

defaultlocation

The ID number for the Location that the user will have default access to.

Info

This requires a single Location ID value.

To get the Location ID number, navigate to the location edit screen.

Administration Settings → System Settings → Locations

Then select the Edit Button ( (blue star) ) for the correct location.
You will find the ID number at the end of the page URL.
https://app.rx-cloud.com/Setting/Location?Id=1

Optional

RX Allowed Location

Info

this attribute must first be created and populated in PingOne

allowedlocation

A comma separated list of Location ID numbers that the user has access to.

Info

If more than 1 location is required, separate the ID values with a comma ( , ).

To get the location ID number, navigate to the location edit screen.

Administration Settings → System Settings → Locations

Then select the Edit Button ( (blue star) ) for the correct location.
You will find the ID number at the end of the page URL.
https://app.rx-cloud.com/Setting/Location?Id=1

Optional

Date Format

Info

this attribute must first be created and populated in PingOne

dateformat

The date format for the user.

dd,MM,yyyy → (25, 01, 2021)
MM / dd / yyyy → (01 / 25 / 2021)

Optional

RX Roles

Info

this attribute must first be created and populated in PingOne

roles

A comma separated list of Role ID numbers.

Info

If more than 1 role is required, separate the ID values with a comma ( , ).

The default role ID values are as below

Super Admin → 1
Server Admin → 2
User Admin → 3
User → 4
Messaging → 5
Reporting → 6
Location Admin → 7

To get the Role ID number for any custom Roles, navigate to the Role edit screen.

Administration Settings → System Settings → Locations

Then select the Edit Button ( (blue star) ) for the correct location.
You will find the ID number at the end of the page URL.
https://app.rx-cloud.com/Setting/Location?Id=1

Optional

The Ping One application has now been configured.

User Access

By default, PingOne will grant access to the application to all users in the environment. To restrict access to specific users and groups you will need to edit the applications Access settings.

Once you add specific users and/or groups, access to RX will be restricted to only those users.

...

The application is not enabled by default. To enable access via SSO toggle the button at the top of the application settings page which is highlighted in the above image.

Download the SP Metadata File

Under the Configuration section click the Download button to download the PingOne SP Metadata file. This file is required for the next step.

...

Configuring SAML App in ResourceXpress

...

You will need an existing Server/Super Admin account in ResourceXpress.
The email address for this account will need to match an allowed user in Azure ADPingOne.

Upload

Navigate to the SSO Settings tab, this can be found on the System Settings page, under the Administration Settings menu.

...

Sync user details

Info

This option has been was added in v1.5.1

This option allows for user details such as Access Code and RFID to be synchronized with ResourceXpress’s user's database, this will keep these details up-to-date each time a user signs in.

...