---
title: Overview of the SSO flow
description: The following figure illustrates an example single sign-on (SSO) process flow.
component: pingam
page_id: pingam::pf_pingam_ik_overview_of_the_sso_flow
canonical_url: https://docs.pingidentity.com/integrations/pingam/pf_pingam_ik_overview_of_the_sso_flow.html
revdate: February 12, 2025
---

# Overview of the SSO flow

The following figure illustrates an example single sign-on (SSO) *(tooltip: \<div class="paragraph">
\<p>The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.\</p>
\</div>)* process flow.

![A diagram illustrating a typical sign on process leveraging the integration kit.](_images/PingAM_SSO_Flow.png)

In summary:

1. A user initiates the sign-on process by requesting access to a protected resource.

2. If PingFederate detects that the PingAM cookie is not present, it gets an access token using the OAuth credentials, then initializes a backchannel authentication using the access token, and uses the redirect URI returned to send the user to orchestrate authentication. It also appends a PingFederate URL as a request parameter to resume the flow post-login.

   If a session cookie is present, PingFederate makes a backchannel request to get session information from PingAM.

3. On a success, PingFederate extracts session information from the JSON response provided by PingAM and generates a SAML assertion.

4. PingFederate redirects the user to the protected resource and configures the SAML assertion. The user is granted access.