PingOne

Creating an OpenID Connect connection

You can create an OpenID Connect (OIDC) connection with PingFederate as the relying party (RP) and PingOne as the OpenID Provider (OP). This provides PingOne users single sign-on access to applications that are connected to PingFederate.

About this task

These steps are independent of the datastore, PCV, and provisioning components of the integration kit.

Steps

  1. Complete the steps in Create an OpenID Connect IdP connection in the PingFederate documentation with the following modifications:

  2. In the connection configuration, on the General Info screen, in the Issuer field, enter the following using the Client ID that you noted in Connecting PingFederate to PingOne, and then click Load Metadata:

    https://auth.pingone.com/<client_id>/as

    For example:

    https://auth.pingone.com/abcd1e8f-6a34-4bcd-e134-668f563a4412/as
  3. In the Client ID and Client Secret fields, enter the values that you noted in Connecting PingFederate to PingOne.

  4. On the Browser SSO → Protocol Settings → OpenID Provider Info screen, in the Scopes field, type openid and any other OIDC scopes that you need. Separate scopes with a space.

    For more information about scopes, see Resource scopes in the PingOne documentation and READ All Scopes (Resource) in the PingOne API documentation.

    1. In the OpenID Connect Login Type list, select Code.

    2. In the Authentication Scheme list, select Basic.

    3. The Authorization Endpoint, Token Endpoint, User Info Endpoint, and JWKS URL fields are populated automatically from the Load Metadata action in step 2.
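
The following is an added example, not part of the PingFederate or PingOne documentation: a Python check that the OP metadata behind the auto-populated endpoint fields is consistent with the Issuer, Code login type, Basic authentication scheme, and scopes chosen in the steps above. It assumes the metadata follows OpenID Connect Discovery 1.0 field names; the sample document is constructed from the page's example issuer, the endpoint paths in it are illustrative, and the same-host rule is a strictness choice of this example rather than a specification requirement.

```python
from urllib.parse import urlsplit

# Constructed sample of an OpenID Connect Discovery document, built on the
# example issuer from the page; values are illustrative, not captured output.
ISSUER = "https://auth.pingone.com/abcd1e8f-6a34-4bcd-e134-668f563a4412/as"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "userinfo_endpoint": ISSUER + "/userinfo",
    "jwks_uri": ISSUER + "/jwks",
    "response_types_supported": ["code", "id_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "scopes_supported": ["openid", "profile", "email"],
}

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def check_metadata(configured_issuer, metadata, requested_scopes="openid"):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    # Discovery requires the issuer value to match the configured issuer exactly.
    if metadata.get("issuer") != configured_issuer:
        problems.append("issuer mismatch")
    issuer_host = urlsplit(configured_issuer).hostname
    for key in ENDPOINT_KEYS:
        url = urlsplit(metadata.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} is missing or not https")
        elif url.hostname != issuer_host:  # strictness choice of this example
            problems.append(f"{key} is on unexpected host {url.hostname}")
    # Login type Code corresponds to the "code" response type.
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("code response type not advertised")
    # Authentication scheme Basic corresponds to client_secret_basic, which the
    # Discovery spec defines as the default when the field is omitted.
    methods = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        problems.append("client_secret_basic not advertised")
    scopes = requested_scopes.split()  # the Scopes field is space-separated
    if "openid" not in scopes:
        problems.append("openid scope not requested")
    advertised = metadata.get("scopes_supported")
    if advertised is not None:
        problems += [f"scope {s} not advertised" for s in scopes if s not in advertised]
    return problems
```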