Nexus Hub & AWS Cognito & Ping Identity
Please contact Nexus Support at support@nexuscenter.io to request your tenant-specific data set
Log in to Ping and select “Connections”

Click New Application

Select WEB APP tile

Select SAML – Click Configure

Give your new application a Name & Description and click Next

Select “Manually Enter”

The screen will expand with additional entries:
| Name | Entry | Notes |
| --- | --- | --- |
| ACS URLs | https://csp-nexus.auth.us-west-2.amazoncognito.com/saml2/idpresponse | AWS Cognito domain prefix followed by /saml2/idpresponse. Obtain your ACS URL by reaching out to Nexus Support. |
| Signing Key | PingOne SSO Certificate for Administrators environment (Default) | |
| Sign Assertion | Selected | |
| Signing Algorithm | RSA_SHA256 | |
| Encryption | Enable Encryption – unchecked | |
| Entity ID | urn:amazon:cognito:sp:us-west-2_zWXXXXXXXX | Obtain your entity ID by reaching out to Nexus Support. |
| SLO Endpoint | not required | |
| SLO Response Endpoint | not required | |
| SLO Binding | HTTP POST - Selected | |
| Subject NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | |
| Assertion Validity Duration (In Seconds) | 60 | |
| Target Application URL – URL of Hub | https://nexus.hub.nexuscenter.io/platform | Obtain your target application URL by reaching out to Nexus Support. |
| Enforce Signed Authn Request | Unchecked | |
| Verification Certificate (Optional) | None | |

Click “Save and Continue”
Attribute Mapping
SAML Attributes
saml_subject <- UserID (Auto Populated)
Add Attribute
email <- Email Address
Add Attribute
givenname <- Given Name
Add Attribute
surname <- Family Name

Click “Save and Close”
Click the newly created app in the sidebar, select the Configuration tab, and click the “Download Metadata” button.

Share the downloaded metadata file with Nexus for AWS Pool SAML creation

Enable Application in Ping Identity

Configure AWS Cognito Pool side for SSO.
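
Once the application is enabled, a SAML response captured during a test login can be checked against the settings in the table and the attribute mapping above. The following is an added example, not Nexus or Ping code: the function name, the sample response and the assumption that the 60-second validity runs from `IssueInstant` to `NotOnOrAfter` are illustrative, and the check covers configuration only, not cryptographic signature verification.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Expected values copied from the settings table (placeholders as shown on the page).
ACS_URL = "https://csp-nexus.auth.us-west-2.amazoncognito.com/saml2/idpresponse"
ENTITY_ID = "urn:amazon:cognito:sp:us-west-2_zWXXXXXXXX"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
ATTRS = {"email", "givenname", "surname"}
MAX_VALIDITY = 60  # seconds; assumed to span IssueInstant -> NotOnOrAfter
# Constructed sample: a trimmed response, signature value and certificate omitted.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}"
 Destination="{ACS_URL}"><a:Assertion IssueInstant="2024-01-01T12:00:00.000Z">
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
 </ds:SignedInfo></ds:Signature>
 <a:Conditions NotOnOrAfter="2024-01-01T12:01:00.000Z"><a:AudienceRestriction>
 <a:Audience>{ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>
 <a:AttributeStatement><a:Attribute Name="email"/><a:Attribute Name="givenname"/>
 <a:Attribute Name="surname"/></a:AttributeStatement></a:Assertion></p:Response>"""

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(xml_text):
    """List mismatches with the table's settings. Does NOT verify the signature."""
    root, problems = ET.fromstring(xml_text), []
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion (is Encryption enabled?)"]
    if root.get("Destination") != ACS_URL:
        problems.append("Destination != ACS URL")
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("assertion not signed")
    elif method.get("Algorithm") != RSA_SHA256:
        problems.append("signature algorithm is not RSA_SHA256")
    cond = assertion.find("a:Conditions", NS)
    path = "a:AudienceRestriction/a:Audience"
    if cond is None or cond.findtext(path, namespaces=NS) != ENTITY_ID:
        problems.append("Audience != Entity ID")
    end = None if cond is None else cond.get("NotOnOrAfter")
    start = _ts(assertion.get("IssueInstant"))
    if end is None or (_ts(end) - start).total_seconds() > MAX_VALIDITY:
        problems.append("validity window missing or longer than 60 s")
    found = {a.get("Name") for a in assertion.findall("a:AttributeStatement/a:Attribute", NS)}
    if ATTRS - found:
        problems.append("missing attributes: " + ", ".join(sorted(ATTRS - found)))
    return problems
```

An empty list from `check_response` means the captured response matches the table; replace the placeholder Entity ID and ACS URL with the tenant-specific values supplied by Nexus Support before running it on real captures.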