Configuring SSO to the PingOne for Enterprise admin portal
Your administrative users can access the admin portal using single sign-on (SSO) rather than logging in separately with username and password.
About this task
You can enable SSO to the PingOne for Enterprise admin portal for administrators using:
-
PingOne for Enterprise dock: For admins or members of the specified LDAP groups for your user repository
-
Any supported browser: For members of the specified LDAP groups for your user repository
If you’re using PingOne for Enterprise Directory as your identity provider (IdP), all PingOne for Enterprise Directory admins have access to the admin portal from the dock.
If you’re using PingFederate as your IdP , you can choose to configure SSO to the PingOne for Enterprise admin portal from PingFederate. For more information, see SSO to the PingOne for Enterprise admin portal from PingFederate.
If you’ve enabled an authentication policy and selected PingID as the authentication provider, you can use multi-factor authentication for SSO to the PingOne for Enterprise admin portal. For more information, see SSO to the PingOne for Enterprise admin portal with multi-factor authentication.
For more information about administrative roles and permissions, see Administrative roles.
Steps
-
In the PingOne for Enterprise admin portal, go to Setup → Dock → Admin Portal SSO.
-
For each administrative role, click Add Group and enter the name of a user group to add to that administrative role.
If you’re using LDAP groups, this needs to be the full distinguished name (FDN) for the administrator group ("CN=admins,OU=example,…").
Active Directory administrators can use the
dsquery
command on the Active Directory host to find the DN.You can assign groups to a read-only administrative role, which grants the administrator access to the areas of the admin portal normally allowed by that role, but not the ability to change settings. Users who are members of the group will be able to SSO to the admin portal from any supported browser, as well as from the PingOne dock.
-
Click Save.
Next steps
After you’ve enabled SSO to the PingOne for Enterprise admin portal, you also can choose to apply a secondary level of authentication using PingID. For more information, see SSO to the PingOne for Enterprise admin portal with multi-factor authentication.