Skip to main content

Documentation Index

Fetch the complete documentation index at: https://launchdarkly-preview.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

We provide guidance for setting up SAML-based single sign-on (SSO) with PingIdentity, but PingIdentity is not an officially supported identity provider (IdP). We cannot provide additional support or configuration guidance for this configuration.

Overview

This topic explains how to set up SAML-based single sign-on (SSO) with PingIdentity. Setting up SSO with PingIdentity requires the following steps:
  1. Retrieving your Entity ID and ACS URL from LaunchDarkly
  2. Adding the LaunchDarkly application in PingIdentity
  3. Updating LaunchDarkly with URL and exchange certificate details
You can also set up member roles using the following steps:
  1. Defining user attributes in PingIdentity
  2. Mapping user attributes to LaunchDarkly
  3. Creating a PingIdentity group for LaunchDarkly access
  4. Assigning the group to the LaunchDarkly app

Prerequisites

To give your organization access to LaunchDarkly through PingIdentity, you need the following components:

Retrieve your Entity ID and ACS URL from Launch

Darkly To begin, retrieve your Entity ID and assertion consumer service (ACS) URL from LaunchDarkly:
  1. In LaunchDarkly, click the gear icon in the left sidenav to view Organization settings.
  2. Click Security.
  3. Click Edit SAML configuration.
  4. In the “SAML application details” section, copy the Assertion consumer service URL and the Entity ID, and save them for use in the next section.

Add the Launch

Darkly application in PingIdentity To add the LaunchDarkly application in PingIdentity:
  1. Log in to the PingIdentity admin console.
  2. Navigate to Applications.
  3. Click the + icon to add a new application.
The "Applications" screen in PingIdentity.
  1. Enter “LaunchDarkly SSO” as the Application Name.
  2. (Optional) Add a Description and Icon.
  3. Click SAML Application.
The "Add Application" screen in PingIdentity.
  1. Select Manually enter.
  2. Enter the LaunchDarkly ACS URL you copied from the previous section into the ACS URLs field.
  3. Enter the LaunchDarkly Entity ID you copied from the previous section into the Entity ID field.
The "Applications" screen in PingIdentity.
  1. Click Save. The LaunchDarkly application appears in the Applications list.
  2. Copy the Signon URL and save it for use in the next section.
  3. Click Download Signing Certificate and select the “X509 PEM (.crt)” format. The X.509 certificate downloads to your machine.
You will use the Signon URL and X.509 certificate in the next section.

Update Launch

Darkly with URL and exchange certificate details Next, update LaunchDarkly with the SSO URL and the X.509 exchange certificate:
  1. In LaunchDarkly, click the gear icon in the left sidenav to view Organization settings.
  2. Click Security.
  3. Click Edit SAML configuration.
  4. in the “SAML identity provider details” section, enter the Signon URL you copied from PingIdentity into the Sign-on URL field.
  5. Click Upload one to upload the X.509 certificate you downloaded from PingIdentity. Or, paste the certificate contents into the X.509 certificate field.
  6. Click Save.

Define user attributes in Ping

Identity You can assign LaunchDarkly roles to account members through PingIdentity. In PingIdentity, your account members are called “users.” First, define user attributes in PingIdentity:
  1. In PingIdentity, navigate to Directory, then User Attributes.
  2. Click the + icon to add a new attribute.
The "User Attributes" screen in PingIdentity.
  1. Select Declared.
  2. Enter “role” as the Name.
  3. Enter “LaunchDarkly Built-in role” as the Display Name.
  4. (Optional) Enter a Description.
  5. Select Enumerated values.
  6. Click + Add Value and enter “admin.”
  7. Repeat step 8 for “writer” and “reader.”
  8. Click Save.
The "Add Attribute" screen in PingIdentity.
  1. To repeat the process for custom roles, click the + icon to add a new attribute and select Declared.
  2. Enter “customRole” as the Name.
  3. Enter “LaunchDarkly Custom Roles” as the Display Name.
  4. (Optional) Enter a Description.
  5. Select No Validation.
  6. Click Save.
The role and customRole attributes appear in your PingIdentity user directory.

Map user attributes to Launch

Darkly Next, map PingIdentity user attributes to LaunchDarkly:
  1. Navigate to Applications.
  2. Select the “LaunchDarkly SSO” application.
  3. Click the Attributes Mappings tab.
  4. Click +Add.
  5. Enter “role” in the Attributes field.
  6. Select “LaunchDarkly Built-in role” from the PingOne Mappings menu.
  7. Click +Add.
  8. Enter “customRole” in the Attributes field.
  9. Select “LaunchDarkly Custom Roles” from the PingOne Mappings menu.
The "Edit Attribute Mappings" screen in PingIdentity.
PingIdentity user attributes are now mapped to LaunchDarkly roles and custom roles.

Create Ping

Identity groups for LaunchDarkly access Next you can allow LaunchDarkly access using PingIdentity groups:
  1. In PingIdentity, navigate to Directory, then Groups.
  2. Click Add Group.
  3. Enter “Access to LaunchDarkly App” or similar as the Name.
  4. (Optional) Add a Description.
  5. Select a PingIdentity Population that should have access to LaunchDarkly.
  6. Click Save.
The "Add Group" screen in PingIdentity.

Assign the group to the Launch

Darkly app Next, assign the group to the LaunchDarkly app:
  1. Navigate to Applications.
  2. Select the “LaunchDarkly SSO” application.
  3. Click the Access tab.
  4. Click the pencil icon.
  5. Search for and select the “Access to LaunchDarkly App” group.
  6. Click Save.
The application "Access" screen in PingIdentity.

Test your setup

Finally, you can test your SSO setup using Test drive mode.