This guide provides the steps required to configure OpenID Connect based single sign on via Ping Identity.


IMPORTANT NOTE: 

User logins may become disrupted during the steps below. We strongly recommend that you create a "testing SSO" environment (via our Enterprise Toolkit) and trial your SSO configuration and tests in that environment before rolling SSO out to any production environments you have.



Prerequisites

Before you configure provisioning, check the following in your platform account: 

  • Ensure you have added our Enterprise Toolkit option to your account, since this unlocks our Ping Identity integration options.
    Enterprise Toolkit can be enabled via the Billing page in the web portal.

  • Go to the Menu -> Organization Setup page and find the section titled "External User Authentication & Provisioning".
    Click the Add Connector link and select the "Ping Identity" option from the list of available connectors - this will save the Organization Setup page and reload it.

  • Make note of the OpenID Connect Login Redirect URI values that display on the Ping Identity connector details.
    You will need these for the Ping Identity configuration steps below.



Configuring Single Sign On (OIDC Identity Provider)

  1. Log into your Ping Identity account and navigate to ApplicationsMy ApplicationsOIDC and then click on the "Add Application" button.


  2. Enter a desired name for your application, with a short description. Then add the appropriate category for your app and an optional image that would make it easier to identify.

  3. In the Authorization Settings section, make sure to check Authorization Code.


  4. Click on the "Add Secret" button, and then copy the secret that was generated and paste that into the Client Secret field found on your Organization Setup page.

  5. Note the Client ID, Issuer and IDPID fields on the same page. Copy these values, and paste that into the Client IDIssuer and IDPID fields found on your Organization Setup page.

  6. In the SSO Flow and Authentication Settings, you need to fill in the redirect URL's that can be found on your Organization Setup page.

  7. On your Dashboard screen you will see a PingOne dock URL, copy and paste this URL into the

  8. After you have completed all the steps above, you can save your changes. Next, go to the application details page to find the SaaSID and the ConnectionID.
    Copy and paste those values into their respective fields on the your Organization Setup page, and save your changes.



You should now be able to log in via your Ping user account, using your Ping password.