PingOne Credentials Integration Kit

Overview of the SSO flow

With the PingOne Credentials Integration Kit, PingFederate includes PingOne Credentials in the sign-on flow.

Different device SSO flow description

  1. The user initiates SSO with PingFederate on their first device. For example, a laptop. They complete the first authentication step, which might be provided by an HTML Form Adapter instance, for example.

  2. The PingOne Credentials IdP Adapter contacts PingOne Credentials to initiate the credential verification process.

  3. PingOne Credentials provides a QR code image URL and a Open Wallet button URL to the adapter.

  4. The PingOne Credentials IdP Adapter presents an HTML page that shows the QR code and Open Wallet button to the user on their first device.

  5. The user scans the QR code through their wallet app on a second device.

  6. The wallet app on the user’s second device presents a consent prompt to the user to confirm whether the requested credentials can be presented for verification.

  7. The user confirms or cancels the request.

  8. If the user confirms that the requested credentials may be shared, the wallet app presents the requested credentials to PingOne Credentials for verification, following the configured Presentation Protocol.

  9. The PingOne Credentials IdP Adapter polls PingOne Credentials while it waits for the result of the credential verification process.

  10. PingOne Credentials provides the adapter with the result of the verification process.

  11. (Optional) The PingOne Credentials IdP Adapter presents an HTML page on the user’s first device that shows the success or failure message, depending on the verification result.

  12. If the user completed the verification process successfully, PingFederate provides access to the requested resource on the user’s first device.

Same device SSO flow description

  1. The user initiates SSO with PingFederate on the same device that their wallet app is on. For example, a cellphone. They complete the first authentication step, which might be provided by an HTML Form Adapter instance, for example.

  2. The PingOne Credentials IdP Adapter contacts PingOne Credentials to initiate the credential verification process.

  3. PingOne Credentials provides a QR code image URL and a Open Wallet button URL to the adapter.

  4. The PingOne Credentials IdP Adapter presents an HTML page that shows the QR code and Open Wallet button to the user on the same device.

  5. The user clicks Open Wallet and is redirected to the wallet app on the same device.

  6. The wallet app presents a consent prompt to the user to confirm whether the requested credentials can be presented for verification.

  7. If the user confirms that the requested credentials may be shared, the wallet app shares the requested credentials with PingOne Credentials, following the selected Presentation Protocol.

  8. The PingOne Credentials IdP Adapter polls PingOne Credentials while it waits for the result of the verification process.

  9. PingOne Credentials provides the adapter with the result of the credential verification process.

  10. (Optional) The PingOne Credentials IdP Adapter presents an HTML page on the user’s device that shows the success or failure message, depending on the verification result.

  11. If the user completed the verification process successfully, PingFederate provides access to the requested resource on the same device.