Federated SSO with PingOne for Enterprise

Federated SSO uses an identity bridge to establish secure user authentication. You will choose an identity bridge to establish a connection to your user repository. The identity bridge ensures secure user authentication and (when used) provisioning from the user repository. When your identity bridge connection is set up, you’re automatically provided with a PingOne dock URL for your organization. You will then customize your dock to reflect your organization, and add selected applications to PingOne for Enterprise for single sign-on (SSO) by your users. After you add and authorize your groups for access to the applications you’ve added, you’re all set.

How It Works

btp1564020475808

What PingOne for Enterprise Logs for Every Federated SSO Transaction

Whenever a user signs on (SSO) to PingOne for Enterprise, we log the information in the following table. You can see the logging details displayed on your Reports page.

Parameter	Description
(date)	The date and time of the SSO transaction.
TOKEN SUBJECT	The user ID we send to the Service Provider (SP).
SUBJECT_FROM_IDP	The user ID returned by the identity bridge.
TOKEN	A generated ID used to retrieve SSO attributes from PingOne. Limited to one-time use.
ASSERTIONID	The ID for the SAML assertion from the identity bridge.
IP	The user’s IP address for this SSO transaction.
AGENT_ID	The ID assigned to the user’s client or agent (generally a browser) used for SSO.
AGENT	Information about the client or agent used for SSO.
APP_NAME	The name of the application used for SSO.
SAAS_DOMAIN	If specified, the host name or domain name for the user application.
SAAS_ID	The ID assigned to the user application.
SP_ACCOUNT_ID	The PingOne account ID for the SP.
SP_ACCOUNT_NAME	The name assigned to the SP account in PingOne.
IDP_ID	The identity bridge ID used by the SP to identify the identity bridge.
IDP_ACCOUNT_ID	The unique account ID for the identity bridge in PingOne.
IDP_ACCOUNT_NAME	The name of the identity bridge in PingOne.
ACCOUNT_REGION	The region of the identity bridge.
FIRST_NAME_FROM_IDP	The user’s first name as assigned by the IdP.
LAST_NAME_FROM_IDP	The user’s last name as assigned by the IdP.
EMAIL_FROM_IDP	The user’s email address as assigned by the IdP.
STATUS	The status of the SSO transaction.
ERROR_CODE	Contains the error information if an error occurs.

Parameter

Description

(date)

The date and time of the SSO transaction.

TOKEN SUBJECT

The user ID we send to the Service Provider (SP).

SUBJECT_FROM_IDP

The user ID returned by the identity bridge.

TOKEN

A generated ID used to retrieve SSO attributes from PingOne. Limited to one-time use.

ASSERTIONID

The ID for the SAML assertion from the identity bridge.

The user’s IP address for this SSO transaction.

AGENT_ID

The ID assigned to the user’s client or agent (generally a browser) used for SSO.

AGENT

Information about the client or agent used for SSO.

APP_NAME

The name of the application used for SSO.

SAAS_DOMAIN

If specified, the host name or domain name for the user application.

SAAS_ID

The ID assigned to the user application.

SP_ACCOUNT_ID

The PingOne account ID for the SP.

SP_ACCOUNT_NAME

The name assigned to the SP account in PingOne.

IDP_ID

The identity bridge ID used by the SP to identify the identity bridge.

IDP_ACCOUNT_ID

The unique account ID for the identity bridge in PingOne.

IDP_ACCOUNT_NAME

The name of the identity bridge in PingOne.

ACCOUNT_REGION

The region of the identity bridge.

FIRST_NAME_FROM_IDP

The user’s first name as assigned by the IdP.

LAST_NAME_FROM_IDP

The user’s last name as assigned by the IdP.

EMAIL_FROM_IDP

The user’s email address as assigned by the IdP.

STATUS

The status of the SSO transaction.

ERROR_CODE

Contains the error information if an error occurs.