Three lines





  • Data Store already set up in PingFederate Server >> System >> Data Store
  • Password Credential Validator already setup in PingFederate >> System >> Password Credential Validator
  • Under System >> Protocol Settings, make sure SAML 2.0 Entity ID is set (likely to be the same value as the Base URL value)

PingFederate SSO Configuration

  1. Go to Applications >> SP connections >> Create Connection 1

  2. Choose Do not use a template for this connection 2

  3. Check Browser SSO Profiles (SAML 2.0) 3

  4. In Import Metadata, choose None and click Next 4

  5. In the General Info section, enter following information:

  6. In Browser SSO, click on Configure Browser SSO 6

    • Check both IDP-initiated SSO and SP-initiated SSO 6.1

    • In the Assertion Lifetime section, change the assertion lifetime if needed (optional), and click Next. 6.2

    • In Assertion Creation, click on Configure Assertion Creation 6.3

    • In the Identity Mapping section, select Standard and click Next 6.3.1

    • In the Attribute Contact subsection, select a format for the SAML_SUBJECT with the value urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and click Next 6.3.2

    • In the Authentication Source Mapping section, click Map New Adapter Instance. 6.3.3

      • Go to Manage Adapter Instances >> Create New Instance

      • Choose an instance name and id (no spaces, and it must be unique). Select HTML Form IdP Adapter as the Type

      • In IdP Adapter, go to Add a new row to Credential Validator

        • Select your Password Credential Validator, and click on update, scroll to the bottom of page and click Next
      • Review Extended Contract tab and click Next

      • In Adapter Attributes, check username as the pseudonym and click Next

      • In Adapter Contract Mapping, go to Configure Adapter Contract

        • Click Add Attribute Source.

        • Choose a source id and description. Then select your active data store and click Next
        • In LDAP Directory Search, fill out Base DN (example CN=Users,DC=amazonaws,DC=com). In Attributes to return from search, select Show All attributes and userPrincipalName. Then click on Add Attribute.
        • In LDAP Filter, fill out the Filter box with userPrincipalName=${username} and click Next
        • Review Summary for your Attribute Sources and User Lookup and click Save
      • Once you have created the attribute source, click Next.

      • In Attribute Contract Fulfillment, select Adapter for source and username for value (do it for all the attributes)

      • Review the Summary for your new IdP Adapter Instance and click Done

    • In Protocol Settings tab, click Configure Protocol Settings 6.3.4

      • In Assertion Consumer Service URL, select Post for Binding and add Uber’s ACS URL. Click Add
      • Go to Allowable SAML Bindings, keep only POST and REDIRECT checked
      • Review the rest of the tabs, go to Summary and click Save after verifying configuration *** Do we want to recommend the rest of the settings?
  7. In Credentials, click on Configure Credentials

    • Go to Manage Certificates, then Create New
    • Fill out the required fields, then click on Next and save it.
  8. Keep click on Next and Done until the SP connection is created

Enabling SSO for your Uber organization account

  1. Please follow the steps in this documentation to enable SSO for your organization account on Uber platform. As mentioned in the linked documentation, as part of enabling SSO, you’ll have to share the following information with your Uber Sales Manager:
    • Organization’s name or uuid
    • Email domain (e.g.
    • PingFederate’s IdP sign-in URL (e.g. https://:9031/idp/SSO.saml2)
      IdP public key - you can get this information on your PingFederate server under Applications >> SP Connections >> Your Uber connection >> Credentials >> Certificate Management >> Select Action >> Export


© 2023 Uber Technologies Inc.