PingIntelligence

Configuring SSO with PingOne

This topic discusses steps involved in configuring single sign-on (SSO) to the PingIntelligence for APIs Dashboard from PingOne. This feature is available in PingIntelligence for APIs 4.4.1 and later versions.

Before you begin

Verify the following prerequisites for SSO configuration:

About this task

SSO configuration for the PingIntelligence Dashboard involves configuring both the Dashboard and PingOne.

Steps

  1. Create an OIDC (OpenID Connect) web application in PingOne to set up SSO to the PingIntelligence Dashboard . To configure the OIDC application, complete the steps explained in Configuring an OIDC application in PingOne for PingIntelligence Dashboard.

  2. Set the value of pi.webgui.server.authentication-mode to sso in <pi_install_dir>/pingidentity/webgui/config/webgui.properties file.

    # Authentication mode
    # valid values: native, sso
     pi.webgui.server.authentication-mode=sso

    The PingIntelligence for APIs Dashboard provides two methods for user authentication: native or SSO. SSO authentication should be used only for production deployments. Use native authentication for PoC deployments.

  3. Configure the <pi_install_dir>/pingidentity/webgui/sso.properties file to complete the PingIntelligence Dashboard’s SSO authentication. For more information, see Configuring an OIDC application in PingOne for PingIntelligence Dashboard.

  4. Obfuscate keys added in SSO properties using the following commands:

    # cd <pi_install_dir>/pingidentity/webgui
    # ./bin/cli.sh obfuscate_keys
  5. Restart the PingIntelligence Dashboard after configuring SSO in PingOne and PingIntelligence Dashboard. For more information, see Start and stop Dashboard.

  6. When the PingIntelligence Dashboard is started successfully, access it using https://<pi_install_host>:8030. The Dashboard will start SSO Authentication, and a new session will get created for the logged-in users.

Troubleshooting

If the SSO authentication fails for any reason, the PingIntelligence Dashboard shows the following error message.

Screenshot for PingIntelligence Dashboard SSO error

Every PingIntelligence Dashboard SSO authentication event is attached with a unique ID, which is logged in <pi_install_dir>/pingidentity/webgui/logs/admin/sso.log. You can filter sso-event-ref = <unique ID> in the <pi_install_dir>/pingidentity/webgui/logs/admin/sso.log file to find the reason for SSO failure.