
Set up SSO with PingOne

This section explains how to set up your SSO connection using PingOne as the identity provider, so that users can sign in to Autodesk with their organization’s email address. This connection uses SAML (Security Assertion Markup Language) to allow Autodesk to communicate with PingOne to authenticate users.

  1. Open the PingOne Admin Portal and sign in as an administrator. Click Administrators to begin.



  2. In the navigation, click Connections > Applications.

  3. Click Applications +.



  4. In the Application Name field, specify Autodesk SSO, select SAML Application from the options, and click Configure.



  5. Select Manually Enter and enter these dummy values. They are placeholders that you replace with the Autodesk values in Step 2:

  • ACS URLs : https://okta.com

  • Entity ID : https://okta.com



  6. Click Save to save the values.

Begin setup in Autodesk

  1. In Autodesk Account, go to User management > By user or By Group.

  2. Select your team from the drop-down list and click the Team Settings ⚙️ icon in the upper right-hand corner.

  3. Go to the section Single sign-on (SSO) and select Manage SSO.

  4. Select the Manage SSO tab > Set up connection.

Autodesk Account > Step 1: Add identity provider and metadata

  1. First, you will be asked to name your connection. Enter a name that will help you easily identify the connection between your identity provider and Autodesk and differentiate it from other connections. The name must be unique and not in use by another team or organization.

  2. Select your identity provider, PingOne, from the drop-down menu.

  3. Under Add Metadata, select Manual Setup. You will need to fill in these metadata fields with information from PingOne.

  4. Switch to the PingOne portal. Click Configuration and copy the Issuer ID from PingOne. Switch to Autodesk Account and paste this value in the Entity ID field.

  5. Go back to PingOne and copy the Single Signon Service value. Switch to Autodesk Account and paste this value in the Sign-on URL field.



  6. Next, go to PingOne, and under Connection Details, click Download Signing Certificate > X509 PEM (.crt). Switch to Autodesk Account and, in the Identity Provider Certificate field, click Upload the Certificate to upload the X509 PEM (.crt) file.



PingOne               | Autodesk
Issuer ID             | Entity ID
Single Signon Service | Sign-on URL*
X509 PEM (.crt)       | Identity provider certificate

  7. Confirm that the fields are filled in and click Next in Autodesk Account.

Note:

In Autodesk Account > Step 1: Add identity provider and metadata, you will see a selection for the binding method next to the Sign-on URL* field. Binding refers to the mechanism used to transmit authentication data between your identity provider (PingOne) and the service provider (Autodesk). There are two binding methods: Post and Redirect. The Post method is recommended as a security best practice and is selected by default. It transmits SAML messages as base64-encoded content within an HTML form, so they travel in the request body rather than in the URL. The Redirect method transmits SAML messages encoded as HTTP URL parameters. Because the message is part of the URL, it may be captured and exposed in various logs, making this method less secure than the Post method.
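
The difference between the two bindings, as an added example (not Autodesk or PingOne code): it encodes one constructed AuthnRequest both ways and shows which form ends up in a web access log line. `SSO_URL`, the request contents and the log line format are placeholders chosen for illustration.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

SSO_URL = "https://idp.example.com/sso"  # placeholder for the Sign-on URL
# Constructed AuthnRequest; every identifier in it is a placeholder.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example123" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.com/entity</saml:Issuer></samlp:AuthnRequest>'
)

def encode_redirect(xml: str, sso_url: str) -> str:
    """Redirect binding: raw DEFLATE, base64, then a URL query parameter."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{sso_url}?{query}"

def decode_redirect(url: str) -> str:
    """Reverse the Redirect encoding; no key or secret is involved."""
    value = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), wbits=-15).decode()

def encode_post(xml: str) -> dict:
    """Post binding: base64 only, sent as a form field in the request body."""
    return {"SAMLRequest": base64.b64encode(xml.encode()).decode()}

def decode_post(form: dict) -> str:
    """Reverse the Post encoding; base64 is an encoding, not encryption."""
    return base64.b64decode(form["SAMLRequest"]).decode()

def access_log_entry(method: str, url: str) -> str:
    """Request line as a typical access log records it: URL yes, body no."""
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f"{method} {target} HTTP/1.1"

if __name__ == "__main__":
    redirect_url = encode_redirect(AUTHN_REQUEST, SSO_URL)
    print(access_log_entry("GET", redirect_url))  # message is in the log line
    print(access_log_entry("POST", SSO_URL))      # only the path is logged
    print(decode_redirect(redirect_url) == decode_post(encode_post(AUTHN_REQUEST)))
```

Both encodings are reversible by anyone who sees them, so confidentiality in transit comes from TLS; what Post changes is that the message stays out of URLs, browser history and request logs.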

Autodesk Account > Step 2: Add Autodesk metadata and attributes to PingOne

  1. In Autodesk Account, click Manual Setup under the Add Metadata section.

  2. Switch to the PingOne portal and click the Edit icon.



  3. From Autodesk Account, copy the Entity ID and paste it into the Entity ID field in PingOne.

  4. From Autodesk Account, copy the Assertion Customer Service (ACS) URL and paste it into the ACS URLS field in PingOne.

  5. From Autodesk Account, download the Verification certificate. Under Verification Certificate in PingOne, click Import > Choose file and select the Autodesk Verification certificate. Click Save to save the values. PingOne does not require the Sign-on URL from Autodesk Account, so you can ignore this field.



Quick Reference

PingOne                  | Autodesk
Entity ID                | Entity ID
ACS URLs                 | Assertion Customer Service (ACS) URL
Verification Certificate | Verification Certificate

  6. Still in PingOne, click Attribute Mappings, and map these attributes according to the table.



Autodesk attributes | PingOne attribute names
email               | Email Address
firstName           | Given Name
lastName            | Family Name
objectGUID          | User ID

Note:

Example: Click + Add to add a new attribute row. In the Attributes field, enter email. In PingOne Mappings, click the drop-down and select Email Address. In the Required field, select the check box.

Similarly, map the other attributes (firstName, lastName, objectGUID). After you confirm that the attributes are mapped correctly, click Save to save the values. 
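
One way to check the mapping outside the admin UI, as an added example (not Autodesk or PingOne code): it reads the base64 SAMLResponse form field from your own test sign-in and reports which of the four attributes in the table are missing or empty. The sample response is constructed, and exact, case-sensitive name matching is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names Autodesk expects, taken from the mapping table above.
REQUIRED = ("email", "firstName", "lastName", "objectGUID")

def attributes_from_response(b64_response: str) -> dict:
    """Return {attribute name: [values]} from a base64 SAMLResponse form field.

    For inspecting your own test capture only: no signature validation, and
    plain ElementTree is not hardened against hostile XML.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        found[attr.get("Name")] = values
    return found

def check_mapping(attrs: dict) -> list:
    """List mapping problems; assumes names must match exactly (case-sensitive)."""
    problems = []
    for name in REQUIRED:
        if name not in attrs:
            near = [k for k in attrs if k.lower() == name.lower()]
            hint = f" (found '{near[0]}', check the spelling)" if near else ""
            problems.append(f"{name}: missing{hint}")
        elif not any(attrs[name]):
            problems.append(f"{name}: empty value")
    return problems

# Constructed response with two deliberate mistakes: 'firstname' and an empty objectGUID.
def _attr(name, value):
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            '</saml:AttributeValue></saml:Attribute>')

SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:AttributeStatement>'
    + _attr("email", "pat@example.com") + _attr("firstname", "Pat")
    + _attr("lastName", "Lee") + _attr("objectGUID", "")
    + '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for problem in check_mapping(attributes_from_response(SAMPLE_B64)):
        print(problem)
```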

Autodesk Account > Step 3: Test your connection

Now you will need to test your SSO connection to make sure that PingOne and Autodesk can communicate with each other to authenticate users.

  1. To test your connection, go to the PingOne portal and click the Toggle to enable user access to the application. Only admins of the application are given automatic access to the application. To add new users, go to Identities > Group. See the PingOne documentation topic Adding users to group for more information.



  2. Switch to Autodesk Account, click Next to go to Step 3 – Test your connection, and click Test Connection to be redirected to your organization’s SSO sign-in page. (If you are not redirected, see Troubleshooting.)



  3. Sign in with your organization email and password to make sure that the SSO connection between PingOne and Autodesk is set up correctly. If the test is successful, you will see the message “Connection Test Result: Success” and a list of properties.



  4. Confirm that the attributes have mapped correctly by comparing the Property and Value columns. The property “first name” should appear next to the user’s first name, “last name” should appear next to the user’s last name, and so on. If you need to make changes, return to your PingOne portal and re-map the attributes.

  5. Once you have confirmed that attributes are mapped correctly, close the tab to return to Autodesk Account and click Next.

    Note:

    In order to proceed to step 4, which involves linking a verified domain, it is crucial that your connection is tested successfully.



  1. You will see a list of your verified domains. Select one or more verified domains to link to your connection.

  2. Click Save connection to complete the setup.

Note:

If a domain is not verified, you can still save the connection and link it later. If you have not added or finished verifying domains, go to Add and verify domains to complete the process.
