PingOne

SPN reference

The following table shows the service principal name (SPN) values for the various PingOne regions.

Region SPN 1 SPN 2

Australia

HTTP/d17e9v8kuwbj1g.cloudfront.net

HTTP/kerberos.pingone.com.au

Canada

HTTP/d2zesjvkk5mc9z.cloudfront.net

HTTP/kerberos.pingone.ca

Europe

HTTP/d2g9q8z5merlnu.cloudfront.net

HTTP/kerberos.pingone.eu

North America (US)

HTTP/d3vol3lyj0eg62.cloudfront.net

HTTP/kerberos.pingone.com

Singapore

HTTP/dcfgtxahv7i2c.cloudfront.net

HTTP/kerberose.pingone.sg

Asia Pacific (legacy)

Available only for existing .asia customers.

HTTP/d17e9v8kuwbj1g.cloudfront.net

HTTP/kerberos.pingone.asia

Custom domains

If the environment is configured with a custom domain, only one SPN is required. The address varies depending on the DNS result. See the examples below for more information.

CloudFront examples

Example 1: DNS result from nslookup
c:\>nslookup -type=A sso.example.com
Step 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
        primary name server = 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
        responsible mail addr = (root)
        serial  = 0
        refresh = 28800 (8 hours)
        retry   = 7200 (2 hours)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)
Server:  UnKnown
Address:  ::1Non-authoritative answer:
Name:    d3laihe2ro8a3z.cloudfront.net
Addresses:  65.8.10.10
          65.8.10.20
          65.8.10.30
          65.8.10.40
Aliases:  sso.example.com
          45ffcbe6-ec42-48d2-999e-89a7eae22ea9.edge1.pingone.com

Based on this DNS result from nslookup, in CloudFront the SPN address is HTTP/d3laihe2ro8a3z.cloudfront.net. This remains true regardless of the PingOne region.

Example 2: DNS result from dig
~$ dig sso.example.com A

; <<>> DiG 9.10.6 <<>> sso.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1344
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sso.example.com.        IN    A

;; ANSWER SECTION:
sso.example.com.    3526    IN    CNAME    45ffcbe6-ec42-48d2-999e-89a7eae22ea9.edge1.pingone.com.
45ffcbe6-ec42-48d2-999e-89a7eae22ea9.edge1.pingone.com.    86326 IN CNAME d3laihe2ro8a3z.cloudfront.net.
d3laihe2ro8a3z.cloudfront.net. 54 IN    A    65.8.10.10
d3laihe2ro8a3z.cloudfront.net. 54 IN    A    65.8.10.20
d3laihe2ro8a3z.cloudfront.net. 54 IN    A    65.8.10.30
d3laihe2ro8a3z.cloudfront.net. 54 IN    A    65.8.10.40

;; Query time: 30 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Fri Nov 25 14:02:32 PST 2022
;; MSG SIZE  rcvd: 221

Based on this DNS result from dig, in CloudFront the SPN address is HTTP/d3laihe2ro8a3z.cloudfront.net. This remains true regardless of the PingOne region.

Cloudflare examples

Example 1: DNS result from nslookup
c:\>nslookup -type=A sso.example.com
Server:  127.0.0.1
Address:  127.0.0.1#53

Non-authoritative answer:
sso.example.com	canonical name = f97e2bbf-6680-44b6-a2cf-97aa0b4a4226.edge1.test-one-pingone.com.
f97e2bbf-6680-44b6-a2cf-97aa0b4a4226.edge1.pingone.com	canonical name = 92b8af3f-0d5b-4cc8-8460-8a35a26efc5e.ping-ccd.com.
Name:    92b8af3f-0d5b-4cc8-8460-8a35a26efc5e.ping-ccd.com
Address:  130.250.137.31

Based on this DNS result from nslookup, in Cloudflare the SPN address is HTTP/92b8af3f-0d5b-4cc8-8460-8a35a26efc5e.ping-ccd.com.

This example assumes the organization resides in the North America (US) region. If your organization is in a different region, the end of the SPN would differ depending on that region:

  • North America (Canada): ping-ccd.ca

  • Europe: ping-ccd.eu

  • Australia: ping-ccd.com.au

  • Asia-Pacific: ping-ccd.asia

  • Singapore: ping-ccd.sg
Example 2: DNS result from dig
~$ dig sso.example.com A

; <<>> DiG 9.10.6 <<>> sso.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21003
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sso.example.com.        IN    A

;; ANSWER SECTION:
sso.example.com.    98    IN    CNAME    f97e2bbf-6680-44b6-a2cf-97aa0b4a4226.pingone.com.
f97e2bbf-6680-44b6-a2cf-97aa0b4a4226.pingone.com.    86198 IN CNAME 92b8af3f-0d5b-4cc8-8460-8a35a26efc5e.ping-ccd.com.
92b8af3f-0d5b-4cc8-8460-8a35a26efc5e.ping-ccd.com. 98 IN    A    130.250.137.31

;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 23 10:26:50 PDT 2025
;; MSG SIZE  rcvd: 361

Based on this DNS result from dig, in Cloudflare the SPN address is HTTP/92b8af3f-0d5b-4cc8-8460-8a35a26efc5e.ping-ccd.com.

This example assumes the organization resides in the North America (US) region. If your organization is in a different region, the end of the SPN would differ depending on that region:

  • North America (Canada): ping-ccd.ca

  • Europe: ping-ccd.eu

  • Australia: ping-ccd.com.au

  • Asia-Pacific: ping-ccd.asia

  • Singapore: ping-ccd.sg