Configuring PingOne for SSO in PingAccess
About this task
To configure PingOne for single sign-on (SSO) in PingAccess:
Steps
- In PingOne, create a new connection:
  - Go to Applications > Applications, and click the icon.
    Result: The Add Application panel opens.
  - In the Add Application section, enter the following information:
    - Application name: the PingOne administrator console SSO PingAccess (or another name that helps you recognize this connection).
    - Description (optional): Enter a brief description of this application that distinguishes it from others.
  - In the Choose Application Type section, select OIDC Web App, and then click Save.
  - In the application details panel, click the Configuration tab, and then click the Pencil icon.
  - Locate the Redirect URIs field and enter the appropriate URL.
    Example: https://<FQDNofPAServer>:9000/pa/oidc/cb, where <FQDNofPAServer> is the machine name or fully qualified domain name of your PingAccess server, such as https://localhost:9000/pa/oidc/cb.
  - Click Save.
  - On the Resources tab, click the Pencil icon.
  - In the Scopes list, click or search for the Profile scope to add it to the Selected Scopes section.
  - Click Save.
  - On the Attribute Mapping tab, click the Pencil icon.
  - Click the Add button and add the following attribute mappings.

        Attributes             PingOne Mapping
        PingFed Admin Roles    pf_admin_roles

  - Click the Advanced Configurations button.
  - For the attributes you just mapped, click the Required checkbox.
  - Click Save.
- To enable the application, click the toggle to the on (blue) position.
- Add a new PingFederate administrator and define their role and responsibilities.
  If you already added an administrator when you set up SSO to PingFederate (Configuring PingOne, step 5), skip this step.
  - Go to Directory > Users and click the icon.
  - On the Add User panel, enter a user name for the PingFederate administrator that has the fullAdmin role.
  - Click Save.
  - In the user details panel, click the Roles > Administrator Roles tab, and then click the Grant Roles button.
  - In Available Responsibilities, click PingFederate Administrator and select checkboxes for the organizations and environments where the administrator should have this role.
  - Click PingFederate User Administrator and select checkboxes for the organizations and environments where the administrator should have this role.
  - Click Save.
  - Click the More Options (⋮) icon and select Reset Password.
  - Select Force password reset on next sign on.
  - Click Save.
- Select Applications > Applications and locate the application you created earlier.
- Click the application entry to open the details panel.
- On the Configuration tab, review the configuration information.
  You need this configuration property information to configure PingAccess for SSO, so you might want to keep this browser window open.
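
The Redirect URIs step above is the one most often entered incorrectly, because an OIDC provider compares the redirect URI as an exact string. The following check is an added example, not part of the original documentation or Ping Identity code. It assumes the admin port 9000 and the path /pa/oidc/cb shown in the page's example; the function name and the sample host pa.example.com are hypothetical.

```python
from urllib.parse import urlsplit

# Assumed from the example URL in the Redirect URIs step of this page.
EXPECTED_PORT = 9000
EXPECTED_PATH = "/pa/oidc/cb"


def check_redirect_uri(uri):
    """Return a list of problems; an empty list means the URI fits the documented shape."""
    # A copied template with its placeholder still in place never matches at sign-on.
    if "<" in uri or ">" in uri:
        return ["placeholder such as <FQDNofPAServer> was not replaced"]
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError when the port is not numeric
    except ValueError as exc:
        return [f"not a parseable URL: {exc}"]

    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("host is missing")
    elif "*" in parts.hostname:
        problems.append("wildcard host widens where codes can be delivered")
    if parts.username or parts.password:
        problems.append("userinfo must not be present")
    if port != EXPECTED_PORT:
        problems.append(f"port is {port}, expected {EXPECTED_PORT}")
    # Exact comparison: a trailing slash or different case is a different URI.
    if parts.path != EXPECTED_PATH:
        problems.append(f"path is {parts.path!r}, expected {EXPECTED_PATH!r}")
    if parts.query or parts.fragment:
        problems.append("query string or fragment must not be present")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not values from a real deployment.
    samples = [
        "https://pa.example.com:9000/pa/oidc/cb",
        "https://<FQDNofPAServer>:9000/pa/oidc/cb",
        "http://pa.example.com:9000/pa/oidc/cb/",
    ]
    for sample in samples:
        print(sample, "->", check_redirect_uri(sample) or "ok")
```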