PingOne

Overview of the SSO flow

The following figure illustrates an example single sign-on (SSO) process flow.

A diagram illustrating a typical sign on process leveraging the integration kit.

In summary:

  1. A user initiates the sign-on process by requesting access to a protected resource.

  2. If PingFederate detects that the PingAM cookie is not present, it redirects to a configurable journey to orchestrate authentication. It also appends a PingFederate URL as a request parameter to resume the flow post-login.

    If a session cookie is present, PingFederate makes a backchannel request to get session information from PingAM.

  3. On a success, PingFederate extracts session information from the JSON response provided by PingAM and generates a SAML assertion.

  4. PingFederate redirects the user to the protected resource, and configures the SAML assertion. The user is granted access.