Creating a web application
A web application is a browser-based application with a server-side component, such as .NET web apps, JSP/Java, Node.js, or Ruby on Rails.
Web applications typically have functions similar to desktop applications. Web applications can use Security Assertion Markup Language (SAML) or OpenID Connect (OIDC) for authentication.
A web application includes the following configuration.
Create App Profile |
The application name and description. |
Configure |
The application’s redirect URL. |
Grant Access |
To your application (for your customers to trigger authentication requests). |
Attribute Mapping |
Map your PingOne user-defined attributes to the corresponding application attributes, for accessibility between users and your app. |
Every user authentication event occurs in the context of a SAML or OIDC application. When you invoke multi-factor authentication (MFA) through an OIDC request, you’ll need to provide a client ID, which is the ID of your web application.
A worker app is used to make backend calls. In contrast, a web app (or native app or single page app) is required for invoking an authentication flow.
-
Console
-
API
Creating a web application console
Steps
-
In the PingOne admin console, go to Applications → Applications.
-
Click .
Result:
The Add Application panel will pop up.
-
Enter an appropriate Application Name and a Description.
Example:
For example, the application name
Getting Started Web OIDC App. -
In Choose Application Type, click OIDC Web App.
-
Click Save.
Result:
The details panel opens. Applications are granted OAuth scopes so that they can access PingOne platform resources.
-
To configure the application URL, click the Configuration tab, then click the Pencil icon.
-
In the Redirect URIs field, enter your application’s redirect URL (for example,
https://example.com). -
Click Save.
-
To grant access to your application, click the Access tab and click the Pencil icon.
-
Click to select the groups.
-
Click Save.
-
Click the Resources tab, and click the Pencil icon.
-
Enter
profilein the Search Scopes fieldThis filters the list of resource types so that only the Open ID profile scope remains visible in the scopes selection list.
-
On the Profile Scope, click the icon or drag it out to the Allowed Scopes.
-
Click Save.
-
To map your PingOne user-defined attributes to your corresponding application attributes, click the Attribute Mappings tab, and click the Pencilicon.
-
Click Add and fill in the Attributesand corresponding PingOne Mappings fields.
-
Click Save.
-
At the top right of the web application’s profile, click the toggle to enable it.
For more information and additional configuration options, see Adding an application.
Next steps
Creating a web application API alternative
About this task
Application developers can use the API operations to create a web application. Use the access token generated through the worker app.
Steps
-
To create a web application, use the following
POSToperation:POST https://api.pingone.com/v1/environments/{{envId}}/applicationsSee POST: Step 1: Create an OpenID Connect (OIDC) application in the API reference for details.
-
To be able to grant access to the web app, to at least one scope in the system, you first need to get the resource and scope IDs. Use the following
GEToperation:GET https://api.pingone.com/v1/environments/{{envId}}/resources?expand=scopesSee GET: Step 3: Get the list of resources and GET: Step 4: Get all scopes in the API reference for details.
-
To create grants, use the following
POSToperation:POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{webAppId}}/grantsSee POST: Step 5: Create the application’s resource access grant in the API reference for details.