PingOne Advanced Services

Creating an OIDC application

Now, create an OpenID Connect (OIDC) application and configure it to connect the PingOne environment to the PingOne Advanced Services environment.

You can use the P1AS Customer Tenant Configuration Postman collection, or create the application manually.

If you’re using Postman

Steps

  1. Navigate to the second step in the collection: P1AS Customer Tenant Configuration → Tenant Configuration → Step 2. Create OIDC Application

  2. Drag and drop the step into the Run order window.

  3. Click Run and check the results for any issues.

  4. Add an MFA (multi-factor authentication) policy to the application. For instructions, see Adding an MFA policy in the PingOne documentation.

    Adding this additional layer of security is highly recommended if your users are created and stored in your PingOne environment. If your users are created and stored in an external IdP, we recommend configuring an MFA policy in the third-party OIDC application that is connected to the external IdP.

If you’re creating the application manually

Steps

  1. Go to Applications → Applications.

  2. Click the icon.

  3. Complete the following fields:

    1. Application Name: Enter the name of the application.

    2. Description: Enter a meaningful description for the application.

    3. Application Type: Select OIDC Web App.

  4. Click Save.

  5. On the Configuration tab, enter the appropriate URL in the Redirect URIs field using the following format:

    https://auth.pingone.com/<REGION_ID>/rp/callback/openid_connect

    Use the REGION_ID provided by your Ping Identity team members.

  6. Click Save.

  7. Add an MFA (multi-factor authentication) policy to the application. Learn more in Adding an MFA policy in the PingOne documentation.

    Adding this additional layer of security is highly recommended if your users are created and stored in your PingOne environment. If your users are created and stored in an external IdP, we recommend configuring an MFA policy in the third-party OIDC application that is connected to the external IdP.

  8. On the Attribute Mappings tab, enter the following mappings:

    “sub” = “User ID”
    “email” = “Email Address”
    “familyName” = “Family Name”
    “givenName” = “Given Name”
    “username” = “Username”
    “p1asArgoCDRoles” = “P1AS ArgoCD Roles”
    “p1asGrafanaRoles” = “P1AS Grafana Roles”
    “p1asOpensearchRoles” = “P1AS Opensearch Roles”
    “p1asPingAccessRoles” = “P1AS PingAccess Roles”
    “p1asPingFederateRoles” = “P1AS PingFederate Roles”
    “p1asPrometheusRoles” = “P1AS Prometheus Roles”
    “p1asSelfServiceRoles” = “P1AS Self-Service Roles”

  9. Click Save and click the toggle switch to enable the application.
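
The following check is an added example, not part of the Ping Identity documentation or tooling. It compares a hand-recorded copy of the application settings against the redirect URI format and the attribute names in the manual steps above. The dictionary layout (redirect_uris, attribute_mappings, enabled), the function names, and the EXAMPLE_REGION value are assumptions made for illustration and are not a PingOne export format.

```python
from urllib.parse import urlsplit

# Attribute names from step 8 of the manual procedure (case-sensitive).
REQUIRED_ATTRIBUTES = {
    "sub", "email", "familyName", "givenName", "username",
    "p1asArgoCDRoles", "p1asGrafanaRoles", "p1asOpensearchRoles",
    "p1asPingAccessRoles", "p1asPingFederateRoles",
    "p1asPrometheusRoles", "p1asSelfServiceRoles",
}

def check_redirect_uri(uri, region_id):
    """Return the problems found in one redirect URI (empty list means OK)."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.netloc != "auth.pingone.com":  # also rejects userinfo and ports
        problems.append("host is not auth.pingone.com")
    if parts.path != f"/{region_id}/rp/callback/openid_connect":
        problems.append("path does not match the documented format")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    return problems

def check_application(app, region_id):
    """Compare a hand-recorded application config against the steps above."""
    findings = []
    uris = app.get("redirect_uris", [])
    if not uris:
        findings.append("no redirect URI configured")
    for uri in uris:
        findings += [f"{uri}: {p}" for p in check_redirect_uri(uri, region_id)]
    mapped = set(app.get("attribute_mappings", {}))
    findings += [f"missing attribute mapping: {n}"
                 for n in sorted(REQUIRED_ATTRIBUTES - mapped)]
    if not app.get("enabled", False):
        findings.append("application is not enabled")
    return findings

# Constructed sample: placeholder left in the URI, one miscased attribute name.
SAMPLE_APP = {
    "redirect_uris": ["https://auth.pingone.com/<REGION_ID>/rp/callback/openid_connect"],
    "attribute_mappings": dict.fromkeys(
        (REQUIRED_ATTRIBUTES - {"p1asOpensearchRoles"}) | {"p1asOpenSearchRoles"}, "mapped"),
    "enabled": True,
}

if __name__ == "__main__":
    for finding in check_application(SAMPLE_APP, "EXAMPLE_REGION"):  # placeholder ID
        print(finding)
```

The constructed sample shows two easy mistakes: leaving the literal <REGION_ID> placeholder in the redirect URI, and miscasing an attribute name so that the expected attribute is never mapped.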