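Before you begin the integration process, you must have requested and been approved for an Onshape Enterprise account or trial, and have an Onshape Enterprise domain name.

An example of an Enterprise domain name is: MyCompanyName.onshape.com.

You can use only one single sign-on (SSO) provider at a time.

This configuration process might fail without parameter values customized for your organization. Use your PingOne single sign-on dashboard to add Onshape as an application, and record the values that are specific to your organization. You need these values in the following steps.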

Onshape signs all outgoing SAML certification requests. You are not required to upload any certificates (for example, a SAML signing certificate), except in the case of ADFS integration because ADFS validates incoming SAML requests. Note that Microsoft also recommends migration from the latest version of ADFS to Microsoft Entra ID. See ADFS Overview for more information.

Add Onshape to your PingOne single sign-on account

To enable single sign-on for your Company account, you must first add the Onshape application to your PingOne single sign-on account:

  1. Sign in to the PingOne portal as an Administrator. Click the Connections icon on the left side navigation pane.

  2. PingIdentity page, clicking Connections in the left navigation bar

  3. Click Add Application.

    PingIdentity Applications page with the Add Application button outlined

  4. Click the Web App box. Then click the Configure button to the right of the SAML connection type.

    Clicking the Web App box, then clicking the Configure button in the SAML Connection type box

  5. In the Create App Profile tab that opens, enter an Application Name and Description. Then click the Next button at the bottom of the pane.

    Create App Profile page with Application name and Description outlined

  6. In the Configure SAML tab that opens, enter https://cad.onshape.com/identity/saml2/sso in the ACS URL field.

  7. The ACS URL above must be "cad.onshape.com", not the URL of your Onshape enterprise.

    Configure SAML Connection page with the Metadata file outlined

  8. In the same tab, scroll down and enter com.onshape.saml2.sp in the Entity ID field, and 300 in the Assertion Validity Duration in Seconds field. Then click the Save and Continue button.

    PingIdentity Onshape application page with Entity ID and Assertion Validity outlined

  9. In the Map Attributes tab, select Email Address from the PingOne User Attribute drop-down list.

    Attribute Mapping page with SAML Attributes outlined

  10. In the same tab, create the following three SAML Attributes:

    1. Click the Add Attribute link and select Static Attribute from the drop-down list. This creates the first Static Attribute. In the Static Key field, enter firstName, and in the Static Value field enter First Name.

    2. Click the Add Attribute link again, and select Static Attribute from the drop-down list. This creates the second Static Attribute. In the Static Key field, enter lastName, and in the Static Value field enter Last Name.

    3. Click the Add Attribute link again, and select Static Attribute from the drop-down list. This creates the third Static Attribute. In the Static Key field, enter companyName, and in the Static Value field enter your domain name prefix. For example, if your Onshape enterprise name is Fishbowl.onshape.com, enter Fishbowl into the field.

    4. Selecting Static Attribute on the SAML Attributes page

  11. Once all three SAML Attributes are entered, it should look similar to the image below. Click the Save and Close button.

    Mapping Attributes on the SAML Attributes page

  12. The Applications window opens. Click the Avg daily sign-ons switch to enable sign-ons to the application. A notice appears at the top right corner stating that the application is Successfully Saved.

    Applications page showing the Average daily sign-ons switch turned on

  13. Click the Configuration subsection. Then click the Download button to download the metadata file. A message appears in the top right upon successful download of this file. Click X to dismiss the message.

    Applications page, clicking Configuration, then clicking to download the Metadata file
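
To confirm the values entered in the steps above before relying on SSO, the following added example (not Onshape or PingOne code) checks a SAML assertion against the ACS URL, Entity ID, 300-second validity, and three attributes from this page. The sample assertion is constructed and unsigned; the element layout is standard SAML 2.0, and treating the validity duration as the span from IssueInstant to the Conditions NotOnOrAfter is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from the configuration steps on this page.
ACS_URL = "https://cad.onshape.com/identity/saml2/sso"
ENTITY_ID = "com.onshape.saml2.sp"
MAX_VALIDITY_S = 300
REQUIRED_ATTRS = ("firstName", "lastName", "companyName")

# Constructed sample assertion (not captured from PingOne); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Subject><saml:NameID>user@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://cad.onshape.com/identity/saml2/sso"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotOnOrAfter="2024-01-01T12:05:00Z"><saml:AudienceRestriction>
    <saml:Audience>com.onshape.saml2.sp</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>First Name</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Last Name</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="companyName"><saml:AttributeValue>Fishbowl</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def check_assertion(xml_text, company_prefix):
    """Return a list of configuration problems; an empty list means the values match."""
    root = ET.fromstring(xml_text)
    problems = []
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the cad.onshape.com ACS URL")
    if ENTITY_ID not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not contain the Entity ID")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        problems.append("no NotOnOrAfter condition")
    elif (_ts(cond.get("NotOnOrAfter")) - _ts(root.get("IssueInstant"))).total_seconds() > MAX_VALIDITY_S:
        problems.append("assertion valid for more than 300 seconds")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
             for a in root.findall(".//saml:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in REQUIRED_ATTRS if not attrs.get(n)]
    if attrs.get("companyName") and attrs["companyName"] != company_prefix:
        problems.append("companyName is not the enterprise domain prefix")
    return problems
```

This checks configured values only; it does not verify the assertion signature, and assertions from an untrusted source should be parsed with a hardened XML parser.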

Upload the metadata configuration file in Onshape

  1. Sign in to your Onshape enterprise account, using your specialized domain name, as an administrator. Select Enterprise settings from your account.

    Going to the My account menu, then clicking Enterprise settings

  2. Select Authentication from the left navigation menu.

    Selecting Authentication from the left navigation menu

  3. In the Single sign-on (SSO) subsection, click the Configure SSO provider button.

    Clicking Configure SSO provider under the Single sign-on (SSO) settings

  4. The Create SSO provider dialog opens. In the Name field, enter a name, such as PingOne Identity. In the Provider type drop-down, select PingOne. Then click the Upload configuration file button.

    Entering a Name on the Create SSO provider page, then selecting a Provider type, then clicking the Upload configuration file button

  5. Locate and select the metadata configuration file you downloaded previously, and click Open.

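    Opening the previously downloaded XML metadata file

  6. Click OK.

    Clicking OK to finish creating the SSO provider

  7. The file is uploaded. A notification appears when the upload is complete.

    Notification showing that the SSO configuration file was uploaded successfully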

  8. You can disable the typical Onshape password sign-in for your users and show only the SSO provider sign-in prompt for the Onshape URL. However, do not perform this step at this time. Make sure you can sign in to Onshape yourself (as administrator) before disabling this additional sign-in option. You can return here later, once you verify you can sign in through your SSO provider.

    Choosing to enforce signing in to Onshape via SSO also results in users not being able to sign in to non-enterprise domains directly, such as cad.onshape.com.

  9. Sign out of both your Onshape and PingOne accounts. Be sure to do a hard refresh of both accounts. When you reach the Onshape sign-in page once again, the page has a new Sign in link at the bottom, for your Single sign-on provider.

    Onshape sign-in page with the new Sign in with Ping button