PingOne

(Early access) Integrating a PingID account with a new PingOne environment

You can integrate an existing PingID account with a new PingOne environment.

Before you begin

Before you begin, read (Early access) What you need to know before integrating or migrating a PingID account into a PingOne environment.

Before the integration process starts, PingOne performs several validations to ensure the PingID account is compatible with the PingOne environment. Before you start the integration process, you can do several checks to minimize the possibility of the validation failing. Make sure that:

  • Your PingOne license covers the same number of users that exist in your PingID account and that your PingID account license is still valid.

  • The PingOne environment that you create is in the same region as your PingID environment.

  • The user accounts in your PingID environment do not include any duplicate users or usernames that contain unsupported characters. You’ll have opportunity to fix issues during the PingID account validation process. Learn more about how to fix issues before you begin and find more detailed technical information in "Duplicate users found" error when attempting to connect a PingID environment to PingID in the Ping Identity Support Portal.

  • Some policy rules are deprecated in PingOne. You’ll need to remove them from the legacy PingID web portal before you start the integration:

    • Remove the Mobile OS version rule from any PingID polices.

    • Remove the location-based part of the following rules:

      • Access from the company network rule

      • Recent authentication from the office rule

      • Recent authentication from company network rule

    • In PingOne environments, the Limit Push Notification Rule is updated to a configuration in the MFA policy. If you have the rule defined in the PingID admin portal, you’ll be asked to redefine it during the integration process.

    You can unlink your PingID account for up to 14 days after completing the integration with PingOne by deleting the PingOne environment. However, if you have updated FIDO devices to use the FIDO2 authentication method it is not possible to unlink the PingID account, and deleting the PingOne environment will also delete the PingID account.

About this task

Integrate your existing PingID account with a new PingOne environment so that you can:

  • Manage PingID users from PingOne

  • Allow users to manage their devices using MyAccount.

  • Apply a FIDO policy to PingID user accounts.

  • Implement a Windows login passwordless flow.

If you want to create a new PingID environment, refer to Creating a new PingOne environment with MFA.

Steps

  1. In the PingOne admin console, click Add Environment > Build your own solution > PingID, and then click Next.

    PingOne SSO is automatically included in the selection.

    Screen capture of the add service wizard showing selected, and the option to Integrate an existing account selected. The admin has entered the user name and password of the account they want to integrate, and the Validate Account button is shown.

  2. Select Integrate an existing PingID account, enter the user name and password for the PingID environment you want to integrate, and then click Validate Account.

    PingOne performs a validation of your PingID and PingOne accounts.

    This step can take several minutes. Do not close the window during the validation process. If you need to fix any issues, follow the instructions in the validation wizard to fix them, and then rerun the validation.

    Result:

    You’ll see the Validation Successful status.

    A screen capture of the migration summary window, indicating that Policy rules are valid

  3. Click Next, and then in the Services window enter the following information:

    • Environment Name: Enter a name for your PingOne environment.

    • Description (optional): Enter a description for the environment.

    • Environment Type: Select either Sandbox or Production

    • Region: The region must match the region in which your PingID environment is located.

    • License: Select the relevant license.

  4. Click Finish.

Result

You can now manage your users through PingOne. Although most of the PingID APIs are still supported, you should use the PingOne APIs when working out of PingOne. Learn more: (Early access) What you need to know before integrating or migrating a PingID account into a PingOne environment

Learn more about allowing your users to manage their devices using MyAccount in Self service.

Learn more about creating and managing FIDO policies in FIDO policies.

Learn more about implementing a Windows login passwordless flow in Creating and configuring a passwordless Windows login application in PingOne.