Federated SSO with PingOne

Federated SSO uses an identity bridge to establish secure user authentication. You'll choose an identity bridge to establish a connection to your user repository. The identity bridge ensures secure user authentication and (when used) provisioning from the user repository. When your identity bridge connection is set up, you're automatically provided with a PingOne dock URL for your organization. You'll then customize your dock to reflect your organization, and add selected applications to PingOne for single sign-on (SSO) by your users. After you add and authorize your groups for access to the applications you've added, you're all set.

How It Works

What We Log for Every Federated SSO Transaction

Whenever a user signs on (SSO) to PingOne, we log the information in the following table. You can see the logging details displayed on your Reports page.

ParameterDescription
(date)The date and time of the SSO transaction.
TOKEN SUBJECTThe user ID we send to the Service Provider (SP).
SUBJECT_FROM_IDPThe user ID returned by the identity bridge.
TOKENA generated ID used to retrieve SSO attributes from PingOne. Limited to one-time use.
ASSERTIONIDThe ID for the SAML assertion from the identity bridge.
IPThe user's IP address for this SSO transaction.
AGENT_IDThe ID assigned to the user's client or agent (generally a browser) used for SSO.
AGENTInformation about the client or agent used for SSO.
APP_NAMEThe name of the application used for SSO.
SAAS_DOMAINIf specified, the host name or domain name for the user application.
SAAS_IDThe ID assigned to the user application.
SP_ACCOUNT_IDThe PingOne account ID for the SP.
SP_ACCOUNT_NAMEThe name assigned to the SP account in PingOne.
IDP_IDThe identity bridge ID used by the SP to identify the identity bridge.
IDP_ACCOUNT_IDThe unique account ID for the identity bridge in PingOne.
IDP_ACCOUNT_NAMEThe name of the identity bridge in PingOne.
ACCOUNT_REGIONThe region of the identity bridge.
FIRST_NAME_FROM_IDPThe user's first name as assigned by the IdP.
LAST_NAME_FROM_IDPThe user's last name as assigned by the IdP.
EMAIL_FROM_IDPThe user's email address as assigned by the IdP.
STATUSThe status of the SSO transaction.
ERROR_CODEContains the error information if an error occurs.

Tags Capability > Single Sign On; Product > PingOne