This guide provides the steps required to configure OpenID Connect-based single sign-on via Ping Identity.

IMPORTANT NOTE: 

User logins may become disrupted during the steps below. We strongly recommend that you create a “testing SSO” environment (via our Enterprise Toolkit) and trial your SSO configuration and tests in that environment before rolling SSO out to any production environments you have.

Prerequisites

Before you configure provisioning, check the following in your platform account: 

• Ensure you have added our Enterprise Toolkit option to your account, since this unlocks our Ping Identity integration options.
  Enterprise Toolkit can be enabled via the Billing page in the web portal.
• Go to the Menu -> Organization Setup -> Integrations page and find the section titled “External User Authentication & Provisioning“.
  Click the Add Connector link and select the “Ping Identity” option from the list of available connectors – this will save the Organization Setup page and reload it.
• Make note of the OpenID Connect Login Redirect URI values displayed on the Ping Identity connector details.
  You will need these for the Ping Identity configuration steps below.

Configuring Single Sign-On (OIDC Identity Provider)

1 – Log in to your Ping Identity account and navigate to Applications > My Applications > OIDC, and then click on the “Add Application” button.

2 – Enter a desired name for your application, with a short description. Then add the appropriate category for your app and an optional image that would make it easier to identify.

3 – In the Authorization Settings section, make sure to check Authorization Code.

4 – Click on the “Add Secret” button, and then copy the secret that was generated and paste that into the Client Secret field found on your Organization Setup page.

5 – Note the Client ID, Issuer and IDPID fields on the same page. Copy these values, and paste that into the Client ID, Issuer and IDPID fields found on your Organization Setup page.

6 – On your Dashboard screen, you will see a PingOne dock URL, copy and paste this URL into the

7 – After you have completed all the steps above, you can save your changes. Next, go to the application details page to find the SaaSID and the ConnectionID.
Copy and paste those values into their respective fields on your Organization Setup page, and save your changes.

You should now be able to log in via your Ping user account, using your Ping password.

Toggle User Authentication Method

Once Ping Identity is enabled, all users will be authenticated externally unless disabled. However, for temporary or external users who are not registered in Ping Identity, you can choose to use our platform’s built-in authentication instead.

Toggling between Ping Identity and Built-In authentication for a user can be achieved when editing a user’s details (Organization & Users > Users & Groups), under Access & Security > Login Method dropdown.