--- title: Creating an OpenID Connect connection description: You can create an OpenID Connect (OIDC) connection with PingFederate as the relying party (RP) and PingOne as the OpenID Provider (OP). This provides PingOne users single sign-on (SSO) access to applications that are connected to PingFederate. component: pingone page_id: pingone:pingone_integration_kit:pf_p1_ik_creating_an_openid_connect_connection canonical_url: https://docs.pingidentity.com/integrations/pingone/pingone_integration_kit/pf_p1_ik_creating_an_openid_connect_connection.html revdate: June 18, 2024 section_ids: about-this-task: About this task steps: Steps --- # Creating an OpenID Connect connection You can create an OpenID Connect (OIDC) connection with PingFederate as the relying party (RP) and PingOne as the OpenID Provider (OP). This provides PingOne users single sign-on (SSO) access to applications that are connected to PingFederate. ## About this task | | | | - | ------------------------------------------------------------------------------------------------------ | | | These steps are independent of the datastore, PCV, and provisioning components of the integration kit. | To set up an OIDC connection, complete the steps in the [Create an OpenID Connect IdP connection](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_creat_openid_connect_idp_connect.html) procedure from the PingFederate documentation. Make the following modifications to the procedure: ## Steps 1. When you reach step 4 in the [Create an OpenID Connect IdP connection](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_creat_openid_connect_idp_connect.html) procedure, perform the following steps on the **General Info** tab: 1. In the **Issuer** field, enter the following: `https://auth.pingone.com//as` Use the **Client ID** that you noted in [Connecting PingFederate to PingOne](pf_p1_ik_connecting_pf_to_p1.html). For example: ``` https://auth.pingone.com/abcd1e8f-6a34-4bcd-e134-668f563a4412/as ``` 2. In the **Client ID** and **Client Secret** fields, enter the values that you noted in [Connecting PingFederate to PingOne](pf_p1_ik_connecting_pf_to_p1.html). 3. Click **Load Metadata**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------- | | | This automatically populates the **Authorization Endpoint**,**Token Endpoint**, **User Info Endpoint**, and **JWKS URL** values in step 2d. | 2. When you reach step 10 in the [Create an OpenID Connect IdP connection](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_creat_openid_connect_idp_connect.html) procedure, perform the following steps on the **OpenID Provider Info** tab: 1. In the **Scopes** field, enter `openid` and any other OIDC scopes that you need. Separate scopes with a space. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Learn more about scopes in [Resource scopes](https://docs.pingidentity.com/pingone/applications/p1_resource_scopes.html) in the PingOne documentation and [READ All Scopes (Resource)](https://apidocs.pingidentity.com/pingone/platform/v1/api/#get-read-all-scopes-resource) in the PingOne API documentation. | 2. In the **OpenID Connect Login Type** list, select **Code**. 3. In the **Authentication Scheme** list, select **Basic**. 4. Confirm that the **Authorization Endpoint**, **Token Endpoint**, **User Info Endpoint**, and **JWKS URL** fields were populated automatically from the **Load Metadata** action in step 1c.