Setting up SSO to PingOne Advanced Identity Cloud
To set up single sign-on (SSO) access for administrators from the PingOne admin console home page to the PingOne Advanced Identity Cloud administrative tenant, configure PingOne and Advanced Identity Cloud, and then test the sign-on experience.
Before you begin
|
This documentation is available as an early-access preview for a feature that is not yet generally available. |
Ensure that you have:
-
An Advanced Identity Cloud tenant
-
A PingOne account with an environment added
Learn more in Adding an environment.
-
The following admin roles assigned:
-
PingOne: Identity Data Admin, Environment Admin, and PingOne Advanced Identity Cloud Super Admin
Learn more in Administrator Roles and Managing user roles.
-
Advanced Identity Cloud: Super Admin
Learn more about assiging admin roles in Tenant administrator settings.
-
Adding PingOne Advanced Identity Cloud to an environment
About this task
Add Advanced Identity Cloud to your existing environment.
Steps
-
In the PingOne admin console, click the Ping Identity logo to open the Environments page, and browse or search for the applicable environment.
-
Click the environment to open the details panel.
-
Click Manage Environment to go to the Overview page for the environment.
-
In the Services section, click the icon.
-
Click Add next to PingOne Advanced Identity Cloud and any other products or services that you want to add to the environment.
-
Click Finish.
Configuring SSO to PingOne Advanced Identity Cloud
About this task
After adding Advanced Identity Cloud to your environment, configure SSO from the PingOne admin console.
Steps
-
In the Environments list, click the environment with Advanced Identity Cloud, and then click Manage Environment.
-
On the Overview page, locate the PingOne Advanced Identity Cloud tile and click Configure Administrator SSO.
-
In the Configure PingOne Advanced Identity Cloud window, enter the URL for the Advanced Identity Cloud administrative tenant.
The URL must end with .forgerock.io or .forgeblocks.com. Learn more in Tenant administrator sign-on in the Advanced Identity Cloud documentation.
-
In the Direct Sign-On Environment list, select the environment that administrators must be associated with when authenticating directly from Advanced Identity Cloud using the Sign in with PingOne option.
Any admin with an appropriate Advanced Identity Cloud role from any environment in PingOne can use SSO into Advanced Identity Cloud from PingOne.
-
Click Connect.
Result:
PingOne opens a new browser tab with the Advanced Identity Cloud sign-on screen.
-
Go to the new browser tab and enter your Advanced Identity Cloud credentials to complete setup.
Result:
PingOne creates a connection to Advanced Identity Cloud. It can take up to 10 minutes to complete the connection.
Testing SSO to PingOne Advanced Identity Cloud
About this task
After configuring PingOne and Advanced Identity Cloud, test the SSO experience.
Steps
-
In the PingOne admin console, browse or search for the applicable environment.
-
Click the environment to open the details panel.
-
Under Connected Services, click PingOne Advanced Identity Cloud.
Result
The Advanced Identity Cloud admin UI opens.
Inviting additional PingOne Advanced Identity Cloud administrators
About this task
After verifying the connection and gaining SSO access to the Advanced Identity Cloud tenant, the PingOne Super Admin can invite additional Advanced Identity Cloud Super Admins and Tenant Admins to access the Advanced Identity Cloud tenant.
Steps
-
Add admins with SSO access to the tenant.
These users can be assigned either the Advanced Identity Cloud Super Admin or Advanced Identity Cloud Tenant Admin role for the Advanced Identity Cloud tenant.