PingCentral

Promoting OAuth and OIDC applications

You can promote the OAuth and OIDC applications assigned to you.

Before you begin

Prepare to provide the following:

  • Redirect URIs, if required. These are the URIs your users will be directed to after they receive authorization to access your application. Redirect URIs are only required when promoting applications that use an authorization code and implicit grant types.

    Redirect URIs are not limited to the number of characters they can contain, but cannot include wildcards or some special characters.

  • If a client secret is required to authenticate your application, you can create a custom secret, generate a secret, or leave the field empty and PingCentral will generate a client secret for you.

Steps

  1. To promote the application to an environment, click the expandable icon associated with the application, select the Promote tab, and click Promote.

    If an environment is offline or if a PingCentral administrator has set the environment status to Disabled, you will be unable to promote the application to a disabled or offline environment.

  2. From the Available Environments list, select the environment to which you want to promote the application.

    If you have the Application Owner role, you cannot promote applications to protected environments, which have shield icons associated with them.
  3. If curly brackets display in the upper right corner of the window, you have the ability to edit the underlying application JSON yourself. Or, you can complete the fields on this window.

    If you choose to complete the fields on this window, refer to the following:

    1. If redirect URIs are required to promote the application, enter them in the Redirect URIs field.

    2. If a client secret is required to authenticate your application, you can:

      • Create a custom secret and enter it in the Client Secret text box.

        If your PingCentral administrator has chosen to enforce random secret generation, application owners will be unable to create their own secret, and PingCentral will generate a random client secret.

      • Generate a client secret by clicking the Generate Secret button.

    To edit the JSON yourself:

    1. Click the curly brackets.

      This screen capture highlights the curly brackets that display in the upper right corner of the window.

      Result:

      The application JSON displays in the window.

    2. Update the JSON to meet your needs. Built-in JSON syntax validation occurs as you make updates to help prevent mistakes.

  4. Click Promote.

    Result:

    PingCentral promotes your application to the designated environment in PingFederate. You will see the new promotion in the History section of the page.

  5. To configure the SSO connection, provide the following information to your service provider:

    • The client ID. Click View Client Details to access the Promotion Details window, which displays the client ID.

    • The client secret and OIDC discovery endpoint are also available in this window.

      This example shows the Promotion Details page, which contains information regarding the promotion, such as the Client ID and OIDC discovery endpoint.