Skip to content

Setting up Ping Identity

Follow these steps to set up Shutterstock as an application for Ping Identity:

  1. Contact your Shutterstock account representative and provide this information:

    • Your company name
    • The type of identity provider that you use
    • A list of all of the email domains that you use
    • The URL that Shutterstock should send users to for authentication in the Shutterstock-initiated login flow
    • Your IdP application's security certificate. Ping Identity provides this certificate in a metadata.xml file, so you can send this file to Shutterstock.
  2. Shutterstock sets up an identity provider configuration to allow your identity provider to use our SAML offering.

  3. Shutterstock provides a callback URL and other information that you need for your configuration. The callback URL looks like this example: https://accounts.shutterstock.com/saml/2t35e39b-a281-4q9d-g758-194b52749de5/callback.

  4. In Ping Identity, set up a SAML application for Shutterstock with these settings:

    • ACS URLs: The callback URL from Shutterstock.
    • Signing certificate: PingOne SSO Certificate for Administrators environment
    • Signing: Assertion and Response
    • Signing algorithm: RSA_SHA256
    • Encryption: Disabled
    • Entity ID: The beginning of the callback URL, before the customer identifier, such as https://accounts.shutterstock.com/saml/.
    • SLO endpoint: Not specified
    • SLO response endpoint: Not specified
    • SLO binding: HTTP Redirect
    • Target application URL: https:www.shutterstock.com
    • Enforce signed authin request: Disabled
    • Verification certificates: No Verification Certificates Selected
  5. Specify the following attribute mappings on the application:

    Application attribute name User attribute Required
    email The user's email address No
    saml_subject The user's user ID Yes
    id The user's user ID No
    name The user's user name No

Now the integration is ready to use.

Next steps

Now that the federated identity integration is ready, you can test it to make sure that it works. Then you can have your users log in to Shutterstock services through your identity provider.

To verify that the integration is set up correctly or to troubleshoot problems, look at the SAML assertion that your IdP is sending to Shutterstock.

Some IdPs can generate a sample SAML assertion that you can view to verify that the custom attributes appear correctly or to help with debugging. You can also see the SAML assertion by launching the Shutterstock application through the IdP and using a tool such as SAML-tracer.

The SAML assertion should look like the following XML example. Make sure that your SAML assertion is formatted in a similar way.

If you can't log in to Shutterstock through your IdP, send your sample SAML assertion to your Shutterstock account representative with any other information you have on the problem.

<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion ID="id467897227883162648067369" IssueInstant="2021-03-18T14:58:33.926Z" Version="2.0"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/Issuer</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">userName</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotOnOrAfter="2021-03-18T15:03:33.930Z" Recipient="https://accounts.shutterstock.com/saml/453663451-3724-4761-828b-bbe31a27c9f7/callback"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2021-03-18T14:53:33.930Z" NotOnOrAfter="2021-03-18T15:03:33.930Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://accounts.shutterstock.com/saml</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AuthnStatement AuthnInstant="2021-03-18T14:58:33.926Z">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.email
      </saml2:AttributeValue>
    </saml2:Attribute>
      <saml2:Attribute Name="roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue
          xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.roles
        </saml2:AttributeValue>
      </saml2:Attribute>
    <saml2:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.email
      </saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="team" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.team
      </saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>

We have more than 475,000,000 assets on Shutterstock.com as of November 30, 2023.

© 2003-2024 Shutterstock, Inc.