Creating an OIDC application
Now, create an OpenID Connect (OIDC) application and configure it to connect the PingOne environment to the PingOne Advanced Services environment.
You can use the P1AS Customer Tenant Configuration Postman collection, or create the application manually.
If you’re using Postman
Steps
- Navigate to the second step in the collection: P1AS Customer Tenant Configuration → Tenant Configuration → Step 2. Create OIDC Application
- Drag and drop the step into the Run order window.
- Click Run and check the results for any errors.
- Add an MFA (multi-factor authentication) policy to the application. To learn more, see Adding an MFA policy.
  Adding this additional layer of security is highly recommended if your users are created and stored in your PingOne environment. If your users are created and stored in an external IdP, we recommend configuring an MFA policy in the third-party OIDC application that is connected to the external IdP.
If you’re creating the application manually
Steps
- Go to Applications → Applications.
- Click the icon.
- Complete the following fields:
  - Application Name: Enter the name of the application.
  - Description: Enter a meaningful description for the application.
  - Application Type: Select OIDC Web App.
- Click Save.
- On the Configuration tab, enter the appropriate URL in the Redirect URIs field using the following format:
  https://auth.pingone.com/<REGION_ID>/rp/callback/openid_connect
  Use the REGION_ID provided by your Ping Identity team members.
- Click Save.
- Add an MFA (multi-factor authentication) policy to the application. To learn more, see Adding an MFA policy.
  Adding this additional layer of security is highly recommended if your users are created and stored in your PingOne environment. If your users are created and stored in an external IdP, we recommend configuring an MFA policy in the third-party OIDC application that is connected to the external IdP.
- Click the Attribute Mappings tab and enter the following mappings:
  - “sub” = “User ID”
  - “email” = “Email Address”
  - “familyName” = “Family Name”
  - “givenName” = “Given Name”
  - “username” = “Username”
  - “p1asArgoCDRoles” = “P1AS ArgoCD Roles”
  - “p1asGrafanaRoles” = “P1AS Grafana Roles”
  - “p1asOpenSearchRoles” = “P1AS OpenSearch Roles”
  - “p1asPingAccessRoles” = “P1AS PingAccess Roles”
  - “p1asPingFederateRoles” = “P1AS PingFederate Roles”
  - “p1asPrometheusRoles” = “P1AS Prometheus Roles”
- Click Save and click the toggle switch to enable the application.
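The two settings in this procedure that are easiest to get subtly wrong are the redirect URI (the authorization server only returns codes to an exactly matching registered URI, so a stray trailing slash, an http scheme or a near-miss host silently breaks the login flow) and the attribute mappings (a missing or mis-mapped role claim means the P1AS tools receive no roles for the user). The following Python script is an added example, not Ping Identity code or part of the Postman collection: it builds the redirect URI for a given REGION_ID and checks a configured URI and a set of attribute mappings against the values this page requires, so you can review an application before enabling it. The assumed shape of a REGION_ID (letters, digits and hyphens) and the function names are assumptions of this example; the URI format and mapping list are taken from the steps above.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Exact redirect URI format required by the page; REGION_ID is issued by Ping Identity.
REDIRECT_URI_TEMPLATE = "https://auth.pingone.com/{region_id}/rp/callback/openid_connect"

# Assumption: a REGION_ID is a short token of letters, digits and hyphens. Adjust the
# pattern if the identifier your Ping Identity team provides has a different shape.
REGION_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,63}")

# Claim name -> PingOne user attribute, exactly as listed in the Attribute Mappings step.
REQUIRED_ATTRIBUTE_MAPPINGS = {
    "sub": "User ID",
    "email": "Email Address",
    "familyName": "Family Name",
    "givenName": "Given Name",
    "username": "Username",
    "p1asArgoCDRoles": "P1AS ArgoCD Roles",
    "p1asGrafanaRoles": "P1AS Grafana Roles",
    "p1asOpenSearchRoles": "P1AS OpenSearch Roles",
    "p1asPingAccessRoles": "P1AS PingAccess Roles",
    "p1asPingFederateRoles": "P1AS PingFederate Roles",
    "p1asPrometheusRoles": "P1AS Prometheus Roles",
}


def build_redirect_uri(region_id: str) -> str:
    """Return the single redirect URI the P1AS environment expects for this region."""
    if not REGION_ID_RE.fullmatch(region_id):
        raise ValueError(f"REGION_ID {region_id!r} does not look like a valid region identifier")
    return REDIRECT_URI_TEMPLATE.format(region_id=region_id)


def redirect_uri_problems(uri: str) -> list[str]:
    """Compare a configured redirect URI against the required format, part by part.

    Each mismatch is reported separately so the reviewer sees every deviation
    (wrong scheme, wrong host, extra path, query or fragment) at once.
    """
    problems: list[str] = []
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.netloc.lower() != "auth.pingone.com":
        problems.append("host must be exactly auth.pingone.com (no port, userinfo or other host)")
    if parts.query or parts.fragment:
        problems.append("no query string or fragment is allowed")
    if "*" in uri:
        problems.append("wildcards are not permitted in a redirect URI")
    match = re.fullmatch(r"/([^/]+)/rp/callback/openid_connect", parts.path)
    if match is None:
        problems.append("path must be /<REGION_ID>/rp/callback/openid_connect with no trailing slash")
    elif not REGION_ID_RE.fullmatch(match.group(1)):
        problems.append(f"REGION_ID segment {match.group(1)!r} looks malformed")
    return problems


def attribute_mapping_problems(configured: dict[str, str]) -> list[str]:
    """Report missing, mis-mapped or unexpected claims relative to the required set."""
    problems: list[str] = []
    for claim, attribute in REQUIRED_ATTRIBUTE_MAPPINGS.items():
        actual = configured.get(claim)
        if actual is None:
            problems.append(f"missing mapping for claim {claim!r} (expected {attribute!r})")
        elif actual != attribute:
            problems.append(f"claim {claim!r} maps to {actual!r}, expected {attribute!r}")
    for claim in sorted(set(configured) - set(REQUIRED_ATTRIBUTE_MAPPINGS)):
        problems.append(f"claim {claim!r} is not in the required list; confirm it is intended")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not a real region or tenant configuration.
    uri = build_redirect_uri("example-region")
    print(uri, "->", redirect_uri_problems(uri) or "OK")
    print(redirect_uri_problems("http://auth.pingone.com/example-region/rp/callback/openid_connect/"))
    mistyped = dict(REQUIRED_ATTRIBUTE_MAPPINGS)
    mistyped["email"] = "Username"          # wrong attribute chosen in the drop-down
    del mistyped["p1asGrafanaRoles"]        # mapping forgotten entirely
    for problem in attribute_mapping_problems(mistyped):
        print("-", problem)
```

Run the script as-is to see both a clean result and a deliberately broken one; to review a real application, paste the Redirect URIs value and the mappings from the Attribute Mappings tab into the two check functions. The checks are intentionally strict about the host and path because the redirect URI must match exactly, not merely resemble, the value the P1AS environment calls back to.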