PingOne

Setting up SSO to PingOne Advanced Identity Cloud

To set up single sign-on (SSO) access for administrators from the PingOne admin console home page to PingOne Advanced Identity Cloud, configure PingOne with each Advanced Identity Cloud tenant environment, and then test the sign-on experience.

Ensure that you have:

  • A PingOne account

  • A separate environment added to your PingOne account for each Advanced Identity Cloud tenant environment for which you want to set up SSO access from PingOne

    Learn more in Adding an environment.

  • The following admin roles assigned in each PingOne environment and corresponding Advanced Identity Cloud tenant environment:

Because Advanced Identity Cloud is made up of several individual tenant environments, you must complete these configuration steps for each Advanced Identity Cloud tenant environment.

Adding PingOne Advanced Identity Cloud to an environment

About this task

Add Advanced Identity Cloud to your existing environment.

Steps

  1. In the PingOne admin console, click the Ping Identity logo to open the Environments page, and browse or search for the applicable environment.

  2. Click the environment to open the details panel.

  3. Click Manage Environment to go to the Overview page for the environment.

  4. In the Services section, click the icon.

  5. Click Add next to PingOne Advanced Identity Cloud and any other products or services that you want to add to the environment.

  6. Click Finish.

Configuring SSO to PingOne Advanced Identity Cloud

About this task

After adding Advanced Identity Cloud to your environment, configure SSO from the PingOne admin console.

Steps

  1. In the Environments list, click the environment with Advanced Identity Cloud, and then click Manage Environment.

  2. On the Overview page, locate the PingOne Advanced Identity Cloud tile and click Configure Administrator SSO.

    A screen capture of the PingOne Advanced Identity Cloud tile with the Configure Administrator SSO button - not set up.
  3. In the Configure PingOne Advanced Identity Cloud window, enter the URL for the Advanced Identity Cloud administrative tenant.

    The URL must end with .forgerock.io or .forgeblocks.com. Learn more in Tenant administrator sign-on in the Advanced Identity Cloud documentation.

  4. In the Direct Sign-On Environment list, select the environment that administrators must be associated with when authenticating directly from Advanced Identity Cloud using the Sign in with PingOne option.

    Any admin with an appropriate Advanced Identity Cloud role from any environment in PingOne can use SSO into Advanced Identity Cloud from PingOne.

  5. Click Connect.

    Result:

    PingOne opens a new browser tab with the Advanced Identity Cloud sign-on screen.

  6. Go to the new browser tab and enter your Advanced Identity Cloud credentials to complete setup.

    Result:

    PingOne creates a connection to Advanced Identity Cloud. It can take up to 10 minutes to complete the connection.

    A screen capture of the PingOne Advanced Identity Cloud tile with a message saying 'Connection might take 10 minutes. Check back later.'

Testing SSO to PingOne Advanced Identity Cloud

About this task

After configuring PingOne and Advanced Identity Cloud, test the SSO experience.

Steps

  1. In the PingOne admin console, browse or search for the applicable environment.

  2. Click the environment to open the details panel.

  3. Under Connected Services, click PingOne Advanced Identity Cloud.

Result

The Advanced Identity Cloud admin UI opens.

Inviting additional PingOne Advanced Identity Cloud administrators

About this task

After verifying the connection and gaining SSO access to the Advanced Identity Cloud tenant, the PingOne Super Admin can invite additional Advanced Identity Cloud Super Admins and Tenant Admins to access the Advanced Identity Cloud tenant.

Steps

  • Add admins with SSO access to the tenant.

    These users can be assigned either the Advanced Identity Cloud Super Admin or Advanced Identity Cloud Tenant Admin role for the Advanced Identity Cloud tenant.

Next steps

Repeat the configuration steps for each Advanced Identity Cloud tenant environment for which you want to set up SSO access from PingOne.