Configuring SSO with PingOne
This topic discusses steps involved in configuring single sign-on (SSO) to the PingIntelligence for APIs Dashboard from PingOne. This feature is available in PingIntelligence for APIs 4.4.1 and later versions.
Before you begin
Verify the following prerequisites for SSO configuration:
-
An installed PingIntelligence for APIs Dashboard.
-
Access to the PingOne administration console console. For more information, see Accessing the admin console home page.
About this task
SSO configuration for the PingIntelligence Dashboard involves configuring both the Dashboard and PingOne.
Steps
-
Create an OIDC (OpenID Connect) web application in PingOne to set up SSO to the PingIntelligence Dashboard . To configure the OIDC application, complete the steps explained in Configuring an OIDC application in PingOne for PingIntelligence Dashboard.
-
Set the value of
pi.webgui.server.authentication-mode
tosso
in<pi_install_dir>/pingidentity/webgui/config/webgui.properties
file.# Authentication mode # valid values: native, sso pi.webgui.server.authentication-mode=sso
The PingIntelligence for APIs Dashboard provides two methods for user authentication: native or SSO. SSO authentication should be used only for production deployments. Use native authentication for PoC deployments.
-
Configure the
<pi_install_dir>/pingidentity/webgui/sso.properties
file to complete the PingIntelligence Dashboard’s SSO authentication. For more information, see Configuring an OIDC application in PingOne for PingIntelligence Dashboard. -
Obfuscate keys added in SSO properties using the following commands:
# cd <pi_install_dir>/pingidentity/webgui # ./bin/cli.sh obfuscate_keys
-
Restart the PingIntelligence Dashboard after configuring SSO in PingOne and PingIntelligence Dashboard. For more information, see Start and stop Dashboard.
-
When the PingIntelligence Dashboard is started successfully, access it using
https://<pi_install_host>:8030
. The Dashboard will start SSO Authentication, and a new session will get created for the logged-in users.
Troubleshooting
If the SSO authentication fails for any reason, the PingIntelligence Dashboard shows the following error message.
Every PingIntelligence Dashboard SSO authentication event is attached with a unique ID, which is logged in |