SSO with PingOne for Enterprise
Single sign-on (SSO) using PingOne for Enterprise means setting up a connection to a user repository using either:
- Federated SSO
  Federated SSO uses the industry-standard protocols SAML or OpenID Connect to establish a secure connection, an identity bridge, to your user repositories. User credentials are authenticated through the identity bridge using either SAML or OAuth. You can also apply a secondary level of authentication using PingID through an authentication policy.
- Basic SSO
  Basic SSO (password vaulting) uses the PingOne for Enterprise browser extension to relay credentials to the target cloud application. User credentials are encrypted (128-bit AES) with a user-specified privacy key and are stored in PingOne for Enterprise. The privacy key is stored in the local file system and is never sent to PingOne for Enterprise. PingOne for Enterprise uses the stored encrypted credentials for single sign-on (SSO) to your cloud applications. The browser extension can access the encrypted credentials only after a user is authenticated to the identity repository.
See Ping Identity services for operational status of all Ping Identity services, including PingOne. You can also choose to subscribe to alert notifications.
As a corollary to SSO, the SAML protocol also supports a single logout (SLO) process. For more information, see PingOne for Enterprise and SLO.
For Federated SSO, the SSO process can be initiated either from the identity provider (IdP) through a PingOne for Enterprise identity bridge, or from a service provider (SP) through a PingOne SSO for SaaS Apps connection to an application. For more information, see Configuring IdP-initiated SSO and Configuring SP-initiated SSO.
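On the SP side, the two starting points are distinguishable in the SAML response itself: a response to an SP-initiated request carries an InResponseTo attribute naming the SP's AuthnRequest, while an IdP-initiated (unsolicited) response carries none. The following is an added example, not PingOne for Enterprise code; the function name, the in-memory set of pending request IDs and the sample messages are assumptions for illustration, and signature and assertion validation are assumed to have passed before this check runs.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample messages (signature, issuer and assertion omitted).
SOLICITED = ('<samlp:Response xmlns:samlp="%s" ID="_r1" Version="2.0" '
             'InResponseTo="_req-123"/>' % SAMLP)
UNSOLICITED = '<samlp:Response xmlns:samlp="%s" ID="_r2" Version="2.0"/>' % SAMLP


def classify_response(response_xml, pending_request_ids, allow_idp_initiated):
    """Return 'sp-initiated' or 'idp-initiated', or raise ValueError.

    pending_request_ids is a set of AuthnRequest IDs this SP has issued and
    not yet seen answered (hypothetical in-memory store for the example).
    """
    # A production SP would use a hardened XML parser (for example defusedxml)
    # and verify the signature before trusting any attribute read here.
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # Unsolicited response: the flow started at the IdP.
        if not allow_idp_initiated:
            raise ValueError("IdP-initiated SSO is not enabled for this connection")
        return "idp-initiated"

    # Solicited response: it must answer a request this SP sent, exactly once.
    if in_response_to not in pending_request_ids:
        raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
    pending_request_ids.remove(in_response_to)  # a replayed response now fails
    return "sp-initiated"


if __name__ == "__main__":
    pending = {"_req-123"}
    print(classify_response(SOLICITED, pending, allow_idp_initiated=False))
    print(classify_response(UNSOLICITED, pending, allow_idp_initiated=True))
```

Consuming the request ID on first use is what makes a replayed SP-initiated response fail; an IdP-initiated response has no such binding, which is why the example makes accepting it an explicit per-connection choice.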