Lokalise

This feature is available only on the Enterprise plan.

<a href="https://www.pingidentity.com/en/platform/capabilities/authentication-authority/pingfederate.html" rel="nofollow noopener noreferrer" target="_blank">PingFederate</a> is a self-hosted identity and access management service provided by PingOne company.

In this article you'll learn how to set up single <a href="https://docs.lokalise.com/en/articles/3339495-saml-based-single-sign-on-sso">sign-on with Lokalise</a> and PingFederate.

To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:

Then, proceed to the Advanced security tab and tick the Enable SSO field:

Team's domain: Enter your full PingFederate domain.

ACS URL Preview: <code>https://app.lokalise.com/sso/yourdomain.com/acs</code> — be sure to include the full domain with TLD (e.g., <code>.com</code>, <code>.co.uk</code>).

SAML 2.0 Endpoint (HTTP): Enter the Single Signon Service URL from PingFederate. Example: <code>https://auth.pingone.eu/ca6a602d-c58d-488d-9d21-77e82366caf3/saml20/idp/sso</code>.

Identity Provider Issuer: Enter the Issuer ID from PingFederate. Example: <code>https://auth.pingone.eu/ca6a602d-c58d-488d-9d21-77e82366caf3</code>

Public Certificate: Paste the certificate obtained from the PingFederate SAML app’s settings. It must begin with <code>-----BEGIN CERTIFICATE-----</code> and end with <code>-----END CERTIFICATE-----</code>.

Sign AuthnRequest: Usually not required. If needed, enable the option, copy the Service Provider Public Certificate from Lokalise into a <code>.crt</code> file, and import it into PingFederate.

1. Team's domain: Enter your full PingFederate domain.
2. ACS URL Preview: <code>https://app.lokalise.com/sso/yourdomain.com/acs</code> — be sure to include the full domain with TLD (e.g., <code>.com</code>, <code>.co.uk</code>).
3. SAML 2.0 Endpoint (HTTP): Enter the Single Signon Service URL from PingFederate. Example: <code>https://auth.pingone.eu/ca6a602d-c58d-488d-9d21-77e82366caf3/saml20/idp/sso</code>.
4. Identity Provider Issuer: Enter the Issuer ID from PingFederate. Example: <code>https://auth.pingone.eu/ca6a602d-c58d-488d-9d21-77e82366caf3</code>
5. Public Certificate: Paste the certificate obtained from the PingFederate SAML app’s settings. It must begin with <code>-----BEGIN CERTIFICATE-----</code> and end with <code>-----END CERTIFICATE-----</code>.
6. Sign AuthnRequest: Usually not required. If needed, enable the option, copy the Service Provider Public Certificate from Lokalise into a <code>.crt</code> file, and import it into PingFederate.

Reconfiguring same SSO domain for another team

If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:

Empty all fields within Single sign-on (SSO) section of the Advanced security tab.

Proceed with configuring SSO for the other Lokalise team.

1. Empty all fields within Single sign-on (SSO) section of the Advanced security tab.
2. Uncheck Enable SSO setting.
3. Click on Save.
4. Proceed with configuring SSO for the other Lokalise team.

___________________________________________________________

In PingFederate, go to Applications &gt; SP Connections &gt; Create connection.

- In PingFederate, go to Applications &gt; SP Connections &gt; Create connection.

Select DO NOT USE A TEMPLATE, then click Next.

- Select DO NOT USE A TEMPLATE, then click Next.

Only modify fields explicitly mentioned in this guide. Leave all others at their default values.

Partner’s Entity ID (Connection ID) — <code>https://lokalise.com</code>

- Protocol — SAML 2.0
- Browser SSO — <code>true</code>
- Partner’s Entity ID (Connection ID) — <code>https://lokalise.com</code>

IdP-Initiated SSO — <code>true</code>

SP-Initiated SSO — <code>true</code>

- IdP-Initiated SSO — <code>true</code>
- SP-Initiated SSO — <code>true</code>

SAML_SUBJECT: Cannot be removed. Lokalise ignores it, so leave it as is.

NameID: Must be unique, pseudo-random, and stable (e.g., User ID or Account ID).

User.Email: <code>Email Address</code>

first_name (optional): <code>Given Name</code>

last_name (optional): <code>Family Name</code>

1. SAML_SUBJECT: Cannot be removed. Lokalise ignores it, so leave it as is.
2. NameID: Must be unique, pseudo-random, and stable (e.g., User ID or Account ID).
3. User.Email: <code>Email Address</code>
4. first_name (optional): <code>Given Name</code>
5. last_name (optional): <code>Family Name</code>

Attribute names and values are case-sensitive. Do not add any other parameters—Lokalise will disregard them.

Endpoint — enter the ACS URL Preview value from Lokalise.

Always SIgn Assertion — <code>true</code>

Sign Response as Required — <code>true</code>

- Endpoint — enter the ACS URL Preview value from Lokalise.
- POST — <code>true</code>
- Always SIgn Assertion — <code>true</code>
- Sign Response as Required — <code>true</code>

Include Certificate in KeyInfo — <code>true</code>

Selected Signing Algorithm — <code>RSA SHA256</code>

- Include Certificate in KeyInfo — <code>true</code>
- Selected Signing Algorithm — <code>RSA SHA256</code>

PingFederate pulls users from PingOne/PingIdentity. Refer to the <a href="https://docs.lokalise.com/en/articles/7146694-pingidentity-saml#h_69ed32c91d">PingIdentity documentation</a> for details on user assignment.

After setup, go to <code>https://app.lokalise.com/sso</code> and enter the user email associated with your PingFederate domain. On first login, Lokalise will prompt for email confirmation.

Learn how to set up single sign-on with PingFederate app.

PingFederate SAML

Try Lokalise

Developer Hub

Blog

Demo

Translate HTML

Go to Lokalise

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

PingFederate SAML

Part 1: Configuration on Lokalise

Reconfiguring same SSO domain for another team

Part 2: Configuration on PingFederate

Step 1: Creating a new SAML app

Step 2: SP Connection section

Step 3: Browser SSO section

Step 4: Assertion Creation section

Step 5: Protocol Settings section

Step 6: Credentials section

Step 7: Signature Verification section

Adding users to SAML app in PingFederate

Logging in with SSO