Configuring PureID(PureAuth) as Identity Provider

PureID(PureAuth) is a cloud-based platform designed to provide secure, phishing-resistant access to enterprise resources without relying on traditional

This article provides a step-by-step guide to configuring PureID as the Identity Provider for all the services you use.

Prerequisites

1. Please make sure you have created the SSO configuration for the service for which you want to set PureID as the Identity Provider.

2. Also, make sure that the user(s) is present in the PureID portal and the respective service’s portal that you are trying to access.

3. The same user(s) must be present in Scalefusion, and the SSO configuration of the respective service is applied to it.

Step 1: Configuring PureID as an Identity Provider on Scalefusion dashboard

1. Navigate to OneIdP > Identity Providers.

2. Click on the New Provider button.
   

   

3. Select PureID and click on Next.
   

   

4. Provide a name to this configuration for easy identification.
   

   

5. Service Provider Details will be added in thePureID Admin Console as shown in Step 2.

6. IdP Details will be generated on the PureID Admin Console as shown in Step 2.

Step 2: SAML Setup in PureID Admin Console

1. Log into your PureID Admin console.

2. Navigate to Applications > Applications.

3. In this page click on the plus button next to Applications on the top left-hand side.
   

   

4. Navigate to Add button of Custom App
   

5. Provide a application name name to this configuration for easy identification
   

   

6. On the same page, add the SAML Response Endpoint (ACS URL) and Audience (Entity ID) from the Scalefusion dashboard here.

   1. SAML Response Endpoint (ACS URL) will be the OneIdP SSO URL and Audience (Entity ID) will be OneIdP Audience URI/Entity Id.
      

      

      
      
      

      
      

7. Click on Save.
   

8. Next, go to the Application create on PureID Portal and click on that application icon.
   

   

9. Next, go to the SAML Settings .

   1. Copy the Issuer URL (Entity ID) URL, SAML Login URL URL, and SAML Logout URL and save them, as these will be used on the Scalefusion dashboard.

   2. Copy the X509 Certificate and save the content by extension (.cer, .crt) as this will be uploaded on the Scalefusion dashboard.
      

      

      
      

Step 3: Adding PureID SAML setup details to the Scalefusion dashboard

1. On the Scalefusion dashboard, enter the saved URLs from Step 2 in the respective fields.

2. Upload the x509 certificate that you downloaded in Step 2.

3. Click on Save.
   

   

   
   

Step 4: Associating PureID Identity Provider with a Directory

1. Navigate to OneIdP > Directory.

2. Click on the 3-dots under Actions for the concerned Domain.

3. Click on Settings.
   

   

4. Go to the Federated Authentication tab and toggle on the button for PureID as an Authentication source.
   

   

5. You can also “Set default authentication source”.
   

   

   1. On setting a default authentication source, whenever you add any new user in the Scalefusion dashboard and migrate it to OneIdP, the default Authenticator would be PureID.
      

      

6. Click on Next and Save.

7. For existing users that are present in the Scalefusion dashboard, you can change the default authentication source by going to 3-dots under Actions > Update Authentication Source.
   

   

8. Select PingOne from the drop-down list for “Set Authentication Source” and click on Update Now.
   

   

User Login Flow

When the user enters their email on the service login page, they will be redirected to OneIdP. From there, OneIdP will redirect the user to the chosen identity provider (PureID, in this case) for authentication. Once the identity provider authenticates the user, then user will be asked for OneIdP Compliance.Once the compliance is pass then user can access the service.