---
title: Integrate with PingID for PingOne SSO
description: If you have an existing legacy PingOne for Enterprise account, you can use an authentication policy to enable PingID as a secondary authentication solution for PingOne SSO.
component: pingid
page_id: pingid:pingid_integrations:pid_integrate_p1_sso
canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_integrate_p1_sso.html
revdate: April 14, 2026
section_ids:
  how-it-works-pingone-secondary-authentication-with-pingid: "How it works: PingOne secondary authentication with PingID"
---

# Integrate with PingID for PingOne SSO

If you have an existing legacy PingOne for Enterprise account, you can use an authentication policy to enable PingID as a secondary authentication solution for PingOne SSO.

|   |                                                                                                                                                                                                                                                                                                                                                                                  |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | This integration is for PingID accounts that are using PingID with PingOne for Enterprise (legacy). If you are using PingID with the current PingOne platform, follow the instructions in [Integrating a PingID account with PingOne environment](http://docs.pingidentity.com/pingone/strong_authentication_mfa/p1_integrate_pingid_with_p1.html) in the PingOne documentation. |

Configure and manage the PingID service using the PingOne for Enterprise admin portal. For more information, see [Configure the PingID service](../pingid_service_management/pid_configure_service.html).

## How it works: PingOne secondary authentication with PingID

![A diagram illustrating as a secondary authentication source with .](_images/wxc1672871512820.png)

1. A user with PingOne as their identity provider (IdP) signs on to a service provider's (SP) resource. After PingOne successfully validates the user's credentials, it sends a request to the PingID server to authenticate the user.

2. PingID sends a request through the notification server to the PingID app installed on the user's mobile device.

3. The mobile notification server sends a notification to the PingID mobile app, and the user approves the sign-on request using the PingID mobile app.

4. PingID initiates an out-of-band authentication (OOBA) of the user.

5. The PingID server sends an authorization reply to the SP, which completes the sign-on process.