Ping Identity single sign-on (SSO)
This article shows how to configure Ping Identity as the identity provider for Databricks.
Gather required information
Log in to Databricks as an administrator.
Go to the admin settings page.
Click Single Sign On.
Copy the Databricks SAML URL.
Do not close this browser tab.
Configure Ping Identity
In a new browser tab, log in to Ping Identity as an administrator.
Inside the PingOne admin portal, click the Connections icon. It looks like a flow chart connector.
Click +Add Application.
Click Advanced Configuration.
Next to SAML, click Configure.
Set Application Name to Databricks, then click Next.
For Provide App Metadata, click Manually Enter.
Enter the Databricks SAML URL from Gather required information into the following fields:
ACS URL
Entity ID
SLO Endpoint
SLO Response Endpoint
Target Application URL
Under Signing Key, select Sign Response or Sign Assertion and Response.
Important
Do not select Enable Encryption or Enforce Signed Authn Request.
Set Assertion Validity to a value between 30 and 180 seconds. For more details, see Accounting for Time Drift Between SAML Endpoints in the Ping Identity knowledge base.
Click Save and Continue.
Under SAML Attributes, set PINGONE USER ATTRIBUTE to Email Address.
Click Save and Close. The SAML application appears.
Click Configuration.
Click Download Metadata.
Open the downloaded XML file in a text editor.
Configure Databricks
Go back to the browser tab for Databricks.
In the admin settings page, click Single Sign On.
Set both Single Sign-On URL and Identity Provider Entity ID to the value of the Location attribute of the <SingleSignOnService> tag in the XML file you downloaded from Ping Identity.
Set x.509 Certificate to the value of the <ds:X509Certificate> tag in the XML file you downloaded from Ping Identity.
Click Enable SSO.
Optionally, click Allow auto user creation.
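The values for the steps above can be read from the downloaded metadata file with a short script instead of by hand. This Python code is an added example, not part of the Databricks or Ping Identity documentation. The function names, the idp.example.test host and the placeholder certificate blob are constructed for illustration, and it assumes the file's root element is an EntityDescriptor in the standard SAML 2.0 metadata namespace.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: hypothetical host; "QUJD..." is a placeholder blob, not a real certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>
          QUJDQUJD
          QUJDQUJD
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml20/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def read_idp_metadata(xml_text):
    """Return ({binding: Location}, [signing certificates as single-line base64])."""
    # SAML metadata needs no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration in metadata")
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element found")
    sso = {(e.get("Binding") or "").rsplit(":", 1)[-1]: e.get("Location", "")
           for e in idp.findall("md:SingleSignOnService", NS)}
    certs = ["".join((c.text or "").split())  # drop the line wrapping before pasting
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if not sso or not certs:
        raise ValueError("metadata lacks an SSO endpoint or a signing certificate")
    if not all(loc.startswith("https://") for loc in sso.values()):
        raise ValueError("SSO endpoint is not an https:// URL")
    return sso, certs

def fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes, for comparing two copies."""
    return hashlib.sha256(base64.b64decode(cert_b64, validate=True)).hexdigest()

if __name__ == "__main__":
    endpoints, signing_certs = read_idp_metadata(SAMPLE_METADATA)
    print(endpoints, [fingerprint(c) for c in signing_certs])
```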
Test the configuration
In an incognito browser window, go to your Databricks workspace.
Click Single Sign On. You are redirected to Ping Identity.
Log in to Ping Identity. If SSO is configured correctly, you are redirected to Databricks.
If the test fails, review Troubleshooting.