PingOne for Enterprise

Configuring IdP-initiated SSO

About this task

SSO is initiated by the IdP itself, rather than by PingOne for Enterprise. In this case, the IdP needs to reference the particular application for SSO. PingOne for Enterprise assigns a unique ID, the saasid, to the connection for each application a SP publishes through PingOne for Enterprise. The IdP uses the saasid to reference the application connection for SSO.

If you’re using a custom sign-on page or portal instead of the PingOne for Enterprise dock:

Steps

  1. In PingOne for Enterprise, configure a new SAML application.

    After you save and publish the application, remain on the Review Setup page. You’ll need the application configuration information to configure SSO settings.

  2. Use the application’s saasid value to configure SSO settings in your IdP in one of the following ways:

    Choose from:

  3. Get the full IdP-initiated SSO URL from the IdP and add it to your custom sign-on page or portal.

    If PingFederate is your IdP, the IdP-initiated settings used are the startSSO and TargetResource parameters.

    For more information, see IdP endpoints.

    If you don’t specify the saasid in your SSO URL, the URL will default to the PingOne for Enterprise dock.

    If your tenant doesn’t include the dock (for example, if you’re using PingOne SSO for SaaS Apps or an Invited SSO account), this will result in an error.