- Adding Bugcrowd to Your Ping Identity Account
- Accessing SAML Information in Bugcrowd
- Adding SAML Information in Ping Identity
- Mapping Ping Identity to Crowdcontrol
- Verifying Domain
- Logging in Using SSO
Specific Role Required to Configure SSO: To configure SSO for your program, you must be an Organization Owner. Organization Owners can log in using Username and Password.
Adding Bugcrowd to Your Ping Identity Account
Log in to your Ping Identity account.
Click Add Application > New SAML Application.
Specify the following:
- Application Name: Bugcrowd
- Application Description: Crowdsourced Cybersecurity
- Category: Engineering
Pause at this screen and continue to next Step.
Accessing SAML Information in Bugcrowd
In Crowdcontrol, click your profile.
Click Single Sign-on (SSO).
The SSO Configuration for Bugcrowd Operations page is displayed.
Make a note of the Single sign on URL and SP Entity ID.
Single Logout: Bugcrowd only supports logouts Identity Provider (IdP) initiated logouts, that is logging out of Bugcrowd will not log you out of your SSO provider.
Adding SAML Information in Ping Identity
Go back to Ping Identity (last step in the first section).
Specify the following:
- Assertion Consumer Service (ACS): Paste the Single sign on URL you copied from your Bugcrowd account.
- Entity ID: Paste the SP Entity ID you copied from your Bugcrowd account.
Save and publish.
Mapping Ping Identity to Crowdcontrol
Click View Setup Instructions.
Download the Certificate and SAML Metadata file and open these files using a text editor.
From the SAML metadata
xmlfile, copy the entityID and paste it into the IdP Entity ID field in Crowdcontrol.
Copy the Initiate Single Sign-On (SSO) URL from Ping Identity into the IdP SSO Target URL field in Bugcrowd.
Copy the contents from the Certificate file and paste it into the IdP Certificate field in Bugcrowd.
After completing, the settings must be similar to the following screenshot.
Click Save Authentication Settings.
Domain Verification is required for SSO to function properly.
All domains must be verified by Bugcrowd. You will not be able to login until the email address domains are verified.
In Crowdcontrol, click your profile and then click Domains.
The Domain Verification page is displayed.
Specify the domain and click ADD DOMAIN.
A verification code is displayed.
Add a TXT record at the domain’s root with this code.
For information about adding a TXT record, consult your DNS provider. For any additional help verifying domains, send an email to firstname.lastname@example.org.
DNS verification may take up to 24 hours to succeed.
Logging in Using SSO
After you have enabled SSO, your team members can navigate to the Company Apps in Ping Identity and click the Bugcrowd app to log in. If SSO is set up properly, members will be logged into Crowdcontrol.