This guide provides the steps required to configure OpenID Connect-based single sign-on via Ping Identity.
IMPORTANT NOTE:
User logins may become disrupted during the steps below. We strongly recommend that you create a "testing SSO" environment (via our Enterprise Toolkit) and trial your SSO configuration and tests in that environment before rolling SSO out to any production environments you have.
Prerequisites
Before you configure provisioning, check the following in your platform account:
- Ensure you have added our Enterprise Toolkit option to your account since this unlocks our Ping Identity integration options. Enterprise Toolkit can be enabled via the Billing page in the web portal.
- Go to the Menu -> Organization Setup page and find the section titled "External User Authentication & Provisioning." Click the Add Connector link and select the "Ping Identity" option from the list of available connectors; this will save the Organization Setup page and reload it.
- Make note of the OpenID Connect Login Redirect URL values that display on the Ping Identity connector details. You will need these for the Ping Identity configuration steps below.
Configuring Single Sign On (OIDC Identity Provider)
1. Log in to your Ping Identity account and navigate to Applications > My Applications > OIDC and then click on the "Add Application" button.
2. Enter a desired name for your application, with a short description. Then add the appropriate category for your app and an optional image that would make it easier to identify.
3. In the Authorization Settings section, make sure to check Authorization Code.
4. Click on the "Add Secret" button, and then copy the secret that was generated and paste that into the Client Secret field found on your Organization Setup page.
5. Note the Client ID, Issuer and IDPID fields on the same page. Copy these values, and paste them into the Client ID, Issuer and IDPID fields found on your Organization Setup page.
6. In the SSO Flow and Authentication Settings, you need to fill in the redirect URLs that can be found on your Organization Setup page.
7. On your Dashboard screen you will see a PingOne dock URL, copy and paste this URL into the
8. After you have completed all the steps above, you can save your changes. Next, go to the application details page to find the SaaSID and the ConnectionID.
Copy and paste those values into their respective fields on your Organization Setup page, and save your changes.
You should now be able to log in via your Ping user account, using your Ping password.
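A pre-rollout check for the values copied in steps 3 to 6, run in the "testing SSO" environment before production. This is an added example, not part of the original guide or of either vendor's tooling; `check_oidc_settings`, the dictionary keys and every sample value are assumptions constructed for illustration, and the IdP's standard OIDC discovery metadata is embedded inline so the script runs offline.

```python
from urllib.parse import urlsplit

DEFAULT_GRANTS = ["authorization_code", "implicit"]  # OIDC Discovery default when omitted


def check_oidc_settings(settings, discovery):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    issuer = settings.get("issuer", "")
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer is not an https URL")
    # The metadata 'issuer' must equal the configured Issuer character for character.
    if discovery.get("issuer") != issuer:
        problems.append("issuer differs from the discovery document")
    # Step 3 selects Authorization Code, so the IdP must advertise the code flow.
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("IdP does not advertise response_type=code")
    if "authorization_code" not in discovery.get("grant_types_supported", DEFAULT_GRANTS):
        problems.append("IdP does not advertise the authorization_code grant")
    # Copy/paste errors in step 4 and 5: empty values or stray whitespace.
    for key in ("client_id", "client_secret"):
        value = settings.get(key, "")
        if not value or value != value.strip():
            problems.append(f"{key} is empty or has stray whitespace")
    # Step 6: redirect URIs are compared as exact strings by the IdP.
    registered = set(settings.get("idp_redirect_uris", []))
    for uri in settings.get("platform_redirect_uris", []):
        parts = urlsplit(uri)
        if parts.scheme != "https" or parts.fragment or "*" in uri:
            problems.append(f"unsafe redirect URI: {uri}")
        if uri not in registered:
            problems.append(f"redirect URI not registered exactly: {uri}")
    return problems


# Constructed sample values; none of these come from a real tenant.
DISCOVERY = {"issuer": "https://idp.example.test/tenant-a",
             "response_types_supported": ["code"],
             "grant_types_supported": ["authorization_code"]}
GOOD = {"issuer": "https://idp.example.test/tenant-a",
        "client_id": "client-id-placeholder", "client_secret": "secret-placeholder",
        "platform_redirect_uris": ["https://app.example.test/sso/callback"],
        "idp_redirect_uris": ["https://app.example.test/sso/callback"]}
# Same settings with two paste mistakes: trailing slash on the URL, newline on the secret.
BAD = dict(GOOD, client_secret="secret-placeholder\n",
           platform_redirect_uris=["https://app.example.test/sso/callback/"])

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, check_oidc_settings(cfg, DISCOVERY) or "OK")
```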
Toggle User Authentication Method
Once Ping Identity is enabled, all users will be authenticated externally unless disabled. However, for temporary or external users that are not registered in Ping Identity, you can choose to use our platform’s built-in authentication instead.
Toggling between Ping Identity and Built-In authentication for a user can be achieved when editing a user's details (Organization & Users > Users & Groups), under Access & Security > Login Method dropdown.