PingOne

Creating an OpenID Connect connection

You can create an OpenID Connect (OIDC) connection with PingFederate as the relying party (RP) and PingOne as the OpenID Provider (OP). This provides PingOne users single sign-on (SSO) access to applications that are connected to PingFederate.

About this task

These steps are independent of the datastore, PCV, and provisioning components of the integration kit.

To set up an OIDC connection, complete the steps in the Create an OpenID Connect IdP connection procedure from the PingFederate documentation. Make the following modifications to the procedure:

Steps

  1. When you reach step 4 in the Create an OpenID Connect IdP connection procedure, perform the following steps on the General Info tab:

    1. In the Issuer field, enter the following:

      https://auth.pingone.com/<client_id>/as

      Use the Client ID that you noted in Connecting PingFederate to PingOne. For example:

      https://auth.pingone.com/abcd1e8f-6a34-4bcd-e134-668f563a4412/as

    2. In the Client ID and Client Secret fields, enter the values that you noted in Connecting PingFederate to PingOne.

    3. Click Load Metadata.

      This automatically populates the Authorization Endpoint, Token Endpoint, User Info Endpoint, and JWKS URL values in step 2d.

  2. When you reach step 10 in the Create an OpenID Connect IdP connection procedure, perform the following steps on the OpenID Provider Info tab:

    1. In the Scopes field, enter openid and any other OIDC scopes that you need.

      Separate scopes with a space.

      Learn more about scopes in Resource scopes in the PingOne documentation and READ All Scopes (Resource) in the PingOne API documentation.

    2. In the OpenID Connect Login Type list, select Code.

    3. In the Authentication Scheme list, select Basic.

    4. Confirm that the Authorization Endpoint, Token Endpoint, User Info Endpoint, and JWKS URL fields were populated automatically from the Load Metadata action in step 1c.
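
The confirmation in step 2d can also be done against the OP metadata itself. The following Python check is an added example, not part of the PingOne or PingFederate documentation: it compares a metadata document that uses the OpenID Connect Discovery 1.0 field names with the Issuer, Code login type, Basic authentication scheme, and scopes chosen above. The function name, the endpoint paths in the sample document, and the rule that every endpoint shares the issuer's host are assumptions made for this example.

```python
from urllib.parse import urlsplit

# PingFederate field label -> OpenID Connect Discovery 1.0 metadata field
ENDPOINT_FIELDS = {
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "User Info Endpoint": "userinfo_endpoint",
    "JWKS URL": "jwks_uri",
}

def check_metadata(expected_issuer, metadata, scopes="openid"):
    """Return a list of problems; an empty list means the metadata fits the procedure."""
    problems = []
    # The issuer must match the configured Issuer value exactly, with no normalisation.
    if metadata.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {metadata.get('issuer')!r}")
    issuer_host = urlsplit(expected_issuer).hostname
    for label, field in ENDPOINT_FIELDS.items():
        url = metadata.get(field)
        if not url:
            problems.append(f"{label} missing ({field})")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{label} is not https: {url}")
        # Assumption of this example: the OP serves every endpoint from the issuer's host.
        if parts.hostname != issuer_host:
            problems.append(f"{label} host differs from issuer: {url}")
    # Login type Code maps to response type "code".
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    # Scheme Basic maps to client_secret_basic, the default when the list is omitted.
    methods = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        problems.append("client_secret_basic not advertised")
    requested = scopes.split()  # scopes are separated by spaces
    if "openid" not in requested:
        problems.append("scope 'openid' not requested")
    advertised = metadata.get("scopes_supported")
    problems += [f"scope not advertised: {s}" for s in requested
                 if advertised is not None and s not in advertised]
    return problems

# Constructed sample: issuer taken from the example above, endpoint paths are illustrative.
ISSUER = "https://auth.pingone.com/abcd1e8f-6a34-4bcd-e134-668f563a4412/as"
SAMPLE_METADATA = {
    "issuer": ISSUER, "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token", "userinfo_endpoint": ISSUER + "/userinfo",
    "jwks_uri": ISSUER + "/jwks", "response_types_supported": ["code"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "scopes_supported": ["openid", "profile", "email"],
}
```

An empty list from `check_metadata(ISSUER, SAMPLE_METADATA, "openid profile")` means the populated values are consistent with the connection settings; any entry names the field to review before saving the connection.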