Users are managed by an external identity provider

If your users are managed by an external identity provider, test the connections between the environments.

About this task

There are two different connections to test:

The connection between the environment containing the users and the environment containing the OIDC application. To test this connection, complete the troubleshooting steps outlined in Users are managed in a PingOne environment.
The connection between the external IdP and the environment that contains the OIDC application.

To test this connection, attempt to access the admin consoles from the external identity provider:

Steps

Get the username and password for the user.
Open a browser window and enter the admin console URL.
Enter the username and password and click Sign On.
- If you’re able to sign on, that means that the connection works.
- If you’re not redirected to the external identity provider, ensure that the authentication policy that the OIDC application is using includes the external identity provider:
  - If you’re using login authentication, ensure that the external identity provider is added as a Presented identity provider. To learn more, see Adding a login authentication step.
  - If you’re using identifier-first authentication, ensure that the external IdP is added as a rule or as a Presented identity provider. To learn more, see Adding an identifier-first authentication step.
  - If you’re using external identity provider authentication policies, ensure that the external IdP is added as an External identity provider. To learn more, see Adding an external identity provider sign-on step.
- If you receive an error message regarding missing roles:
  - Ensure that the user has the appropriate roles and attributes assigned.
  - Ensure that the custom user attributes are correctly defined and mapped.