PingOne

Configuring Apigee for PingOne Authorize integration

Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingOne Authorize.

Before you begin

Ensure you have:

  • A supported Apigee environment. The Ping Identity shared flow for Apigee supports Apigee Edge, Apigee Private Cloud, and Apigee X.

  • The PingAuth Shared Flow Bundle .zip archive. Download the integration kit for Apigee from the Ping Identity Integration Directory.

Steps

  1. Upload the shared flow bundle:

    1. In Apigee, go to Develop → Shared Flows and do one of the following:

      • In Apigee X, click Upload Bundle.

      • In Apigee Edge or Apigee Private Cloud, click +Shared Flow, and then click Upload Bundle.

    2. For the shared flow Name, enter PingAuth.

    3. In File Picker, browse to the PingAuth shared flow bundle zip file and select it.

      Screen capture of the Create a Shared Flow window in Apigee.

    4. Click Create.

  2. In Apigee X, configure the connection to PingOne Authorize.

    Skip this step if you are using Apigee Edge or Apigee Private Cloud.

    Apigee X doesn’t currently support managing the configuration values stored in key value maps in the Apigee interface. You must add these configuration values to the key value map policy. The key value map is created and the configuration values are added the first time the PingAuth shared flow is executed at runtime.

    1. To access the PingAuth shared flow, go to Develop → Shared Flows → PingAuth.

    2. Click the Develop tab and examine Revisions to make sure you are on the latest revision.

    3. In the Policies panel on the left, click the Load KVM Config policy.

    4. In the policy editor panel, remove the comment lines above and below the InitialEntries element.

    5. Edit values for service_host_port and service_base_path to match the Service URL from the API Gateway you added in PingOne Authorize.

      For example, for Service URL:

      https://api.pingone.com/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486

      The service_host_port is api.pingone.com.

      The service_base_path is /v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486.

    6. Edit the value for shared_secret to match the API Gateway credential you created in PingOne Authorize.

    7. Click Save.

      Screen capture of the PingAuth Shared Flow in Apigee X.

  3. In Apigee Edge or Apigee Private Cloud, configure the connection to PingOne Authorize.

    Apigee Edge stores environment-specific configuration values in key value maps. This allows you to use the same policies across multiple deployment environments without any changes to the policies.

    1. Go to Environment → Key Value Maps and click +Key Value Map.

    2. Edit the key value map and click Add Entry.

    3. Add values using the key names service_host_port and service_base_path that match the Service URL from the API Gateway you added in PingOne Authorize.

      For example, for Service URL:

      https://api.pingone.com/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486

      The service_host_port is api.pingone.com.

      The service_base_path is /v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486.

    4. Add a value using the key name shared_secret that matches the API Gateway credential you created in PingOne Authorize.

    5. Click Save.

      Screen capture of the Key Value Maps tab in Apigee Edge environment configuration.

  4. Deploy the shared flow:

    1. To access the PingAuth shared flow, go to Develop → Shared Flows → PingAuth.

    2. Deploy the most recent revision of the shared flow to your environment.