Configure Ping Identity SSO settings

Last updated October 25th, 2023

If you enable Ping Identity as a sign-in method, you cannot use Samsung account to sign in to Knox services.

On the Knox Admin Portal

In the left sidebar, click Connections, then Applications.
Click Add Application.
Under SELECT AN APPLICATION TYPE, select WEB APP. In the prompt that appears, next to SAML, click Configure.
On the Create App Profile screen, enter the following information:
- APPLICATION NAME — Samsung Knox and Business Services
- DESCRIPTION — Samsung Knox is a comprehensive suite of enterprise solutions for security, manageability, and productivity.
Then, click Next.
On the Configure SAML Connection screen, under PROVIDE APP METADATA, select Manually Enter.
Under ACS URLS, enter https://central.samsungknox.com/ams/ad/saml/acs.
Under ENTITY ID, enter https://www.samsungknox.com/.
Under Assertion validity duration, enter 60 seconds, then click Save and Continue.
Next, configure the attributes:

PingOne users — On the Attribute Mapping screen, under SAML ATTRIBUTES, click ADD ATTRIBUTE > PingOne Attribute. Then, enter the following information in the new attribute:
1. PINGONE USER ATTRIBUTE — Email Address
2. APPLICATION ATTRIBUTE — http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
3. Next to Required, select the checkbox.
PingFederate users — add a new attribute for Email Address and map it to the following application attribute — http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Then, click Save and Close.
On the Applications screen, locate the Samsung Knox and Business Services item and click the toggle to enable it.
Expand the application details and click Configuration. Note the IDP METADATA URL for later.

In your Samsung Knox account settings, under App federation metadata URL, paste the IDP METADATA URL value you copied in Step 12.
Click CONNECT TO SSO.
In the sign-in window that opens, enter your Ping Identity credentials.