---
title: Setting up SSO to PingOne Advanced Identity Cloud
description: To set up single sign-on (SSO) access for administrators from the PingOne admin console to PingOne Advanced Identity Cloud, configure PingOne with each Advanced Identity Cloud tenant environment and test the sign-on experience.
component: pingone
page_id: pingone:getting_started_with_pingone:p1_set_up_sso_p1_advanced_identity_cloud
canonical_url: https://docs.pingidentity.com/pingone/getting_started_with_pingone/p1_set_up_sso_p1_advanced_identity_cloud.html
revdate: February 10, 2025
section_ids:
  before-you-begin: Before you begin
  adding-pingone-advanced-identity-cloud-to-an-environment: Adding PingOne Advanced Identity Cloud to an environment
  about-this-task: About this task
  steps: Steps
  configuring-sso-to-pingone-advanced-identity-cloud: Configuring SSO to PingOne Advanced Identity Cloud
  about-this-task-2: About this task
  steps-2: Steps
  result: Result:
  result-2: Result:
  testing-sso-to-pingone-advanced-identity-cloud: Testing SSO to PingOne Advanced Identity Cloud
  about-this-task-3: About this task
  steps-3: Steps
  result-3: Result
  inviting-additional-pingone-advanced-identity-cloud-administrators: Inviting additional PingOne Advanced Identity Cloud administrators
  about-this-task-4: About this task
  steps-4: Steps
  next-steps: Next steps
---

# Setting up SSO to PingOne Advanced Identity Cloud

To set up single sign-on (SSO) access for administrators from the PingOne admin console to PingOne Advanced Identity Cloud, configure PingOne with each Advanced Identity Cloud tenant environment and test the sign-on experience.

SSO is the process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.

## Before you begin

Ensure that you have:

* A PingOne account

* A separate environment added to your PingOne account for each Advanced Identity Cloud tenant environment for which you want to set up SSO access from PingOne

  Learn more in [Creating an environment](p1_getting_started_adding_environment.html).

* The following admin roles assigned in each PingOne environment and corresponding Advanced Identity Cloud tenant environment:

  * PingOne: Identity Data Admin, Environment Admin, and PingOne Advanced Identity Cloud Super Admin

    Learn more in [Administrator Roles](../directory/p1_roles.html) and [Managing user roles](../directory/p1_manage_user_roles.html).

  * Advanced Identity Cloud: Super Admin

    Learn more about assigning admin roles in [Tenant administrator settings](https://backstage.forgerock.com/docs/idcloud/latest/tenants/tenant-administrator-settings.html).

Because Advanced Identity Cloud is made up of several individual tenant environments, you must complete the configuration steps for each Advanced Identity Cloud tenant environment.

## Adding PingOne Advanced Identity Cloud to an environment

### About this task

Add Advanced Identity Cloud to your existing environment.

### Steps

1. In the PingOne admin console sidebar, click the Ping Identity logo to open the **Environments** page and browse or search for the applicable environment.

2. On the **Environments** page, click the environment to open the details panel.

3. Click **Manage Environment** to go to the **Overview** page for the environment.

4. In the **Services** section, click the **+** (plus) icon.

5. Click **+ Add** next to **PingOne Advanced Identity Cloud** and any other products or services that you want to add to the environment.

6. Click **Finish**.

## Configuring SSO to PingOne Advanced Identity Cloud

### About this task

After adding Advanced Identity Cloud to your environment, configure SSO from the PingOne admin console.

### Steps

1. In the PingOne admin console, in the **Environments** list, click the environment with Advanced Identity Cloud and click **Manage Environment**.

2. On the **Overview** page, locate the **PingOne Advanced Identity Cloud** tile and click **Configure Administrator SSO**.

   ![A screen capture of the PingOne Advanced Identity Cloud tile with the Configure Administrator SSO button - not set up.](_images/ykr1715879878811.png)

3. In the **Configure PingOne Advanced Identity Cloud** window, enter the URL for the Advanced Identity Cloud administrative tenant.

   The URL must end with `.forgerock.io` or `.forgeblocks.com`. Learn more in [Tenant administrator sign-on](https://backstage.forgerock.com/docs/idcloud/latest/tenants/tenant-administrator-settings.html#tenant-administrator-sign-in) in the Advanced Identity Cloud documentation.

4. In the **Direct Sign-On Environment** list, select the environment that administrators must be associated with when authenticating directly from Advanced Identity Cloud using the **Sign in with PingOne** option.

   Any administrator with an appropriate Advanced Identity Cloud role from any environment in PingOne can use SSO into Advanced Identity Cloud from PingOne.

5. Click **Connect**.

   #### Result:

   PingOne opens a new browser tab with the Advanced Identity Cloud sign-on screen.

6. Go to the new browser tab and enter your Advanced Identity Cloud credentials to complete setup.

   #### Result:

   PingOne creates a connection to Advanced Identity Cloud. It can take up to 10 minutes to complete the connection.

   ![A screen capture of the PingOne Advanced Identity Cloud tile with a message saying 'Connection might take 10 minutes. Check back later.'](_images/wig1715898568779.png)
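
Because the tenant URL from step 3 has to be entered once per tenant environment, the following added example (not part of the PingOne documentation or product) pre-checks a list of URLs against the suffix rule by parsing the host instead of matching the raw string. The sample tenant names, the HTTPS requirement, and the reading of "must end with" as "nothing follows the host" are assumptions.

```python
from urllib.parse import urlsplit

# Suffixes quoted from step 3 above.
ALLOWED_SUFFIXES = (".forgerock.io", ".forgeblocks.com")


def check_tenant_url(url):
    """Return a list of problems; an empty list means the URL passes."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        _ = parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]

    problems = []
    # Assumption: the tenant is only ever reached over HTTPS.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # user:pass@host puts a familiar-looking name in front of the real host.
    if parts.username is not None or parts.password is not None:
        problems.append("URL contains userinfo")
    # Match on the parsed host, not the raw string. The leading dot in each
    # suffix enforces a label boundary; a non-empty tenant label must precede it.
    if not any(host.endswith(s) and len(host) > len(s) for s in ALLOWED_SUFFIXES):
        problems.append(f"host {host!r} is not under an allowed domain")
    # Assumption: "must end with" means nothing follows the host name.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("URL has a path, query or fragment after the host")
    return problems


# Constructed sample input: one URL per tenant environment.
SAMPLE_URLS = [
    "https://openam-example-dev.forgeblocks.com",
    "https://openam-example.forgerock.io/",
    "http://openam-example.forgeblocks.com",
    "https://openam-exampleforgerock.io",
    "https://forgeblocks.com.example.net",
    "https://openam-example.forgeblocks.com@login.example.net/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        issues = check_tenant_url(u)
        print("OK  " if not issues else "FAIL", u, "; ".join(issues))
```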

## Testing SSO to PingOne Advanced Identity Cloud

### About this task

After configuring PingOne and Advanced Identity Cloud, test the SSO experience.

### Steps

1. In the PingOne admin console sidebar, click the Ping Identity logo to open the **Environments** page and browse or search for the applicable environment.

2. On the **Environments** page, click the environment to open the details panel.

3. In the **Connected Services** section, click **PingOne Advanced Identity Cloud**.

### Result

The Advanced Identity Cloud admin UI opens.

## Inviting additional PingOne Advanced Identity Cloud administrators

### About this task

After verifying the connection and gaining SSO access to the Advanced Identity Cloud tenant, the PingOne Advanced Identity Cloud Super Admin can invite additional Advanced Identity Cloud Super Admins and Tenant Admins to access the Advanced Identity Cloud tenant.

### Steps

* In the PingOne admin console, [add admins with SSO access to the tenant](p1_manage_administrators.html#adding-administrators).

  These users can be assigned either the Advanced Identity Cloud Super Admin or Advanced Identity Cloud Tenant Admin role for the Advanced Identity Cloud tenant.

## Next steps

Repeat the configuration steps for each Advanced Identity Cloud tenant environment for which you want to set up SSO access from PingOne.
