PingOne SSO for SaaS Apps Customer Connection API
You can use the PingOne SSO for SaaS Apps Customer Connection API to create or update application connections without using the admin console.
| Ping Identity periodically deprecates obsolete TLS protocols and cipher suites. To stay compatible with these changes, you should ensure that your platform stays within its support life cycle. For example, a Java application should use a Java version that is currently supported by the Java vendor. |
The PingOne SSO for SaaS Apps Apps Customer Connection API conforms to the design principles of Representational State Transfer (REST), providing a set of resources you can use, and supporting the JSON data format. The API returns HTTP status codes with each resource response. If an error occurs, an error message is returned in the response. Resource request parameter values are required unless otherwise indicated. These parameter values need to be converted to UTF-8 and URL-encoded.
PingOne considers connections with the same idpId value as belonging to the same identity provider (IdP), so most parameter settings are shared across all connections using the same idpId. Updating the parameter settings on one connection applies the same changes to all connections with the same idpId.
The exception to this is the multiplexed parameter, which determines whether the IdP uses a single connection to PingOne or distinct connections to each of your applications. The multiplexed setting is specific to each application connection.
To use the Customer Connection API, you need the API credentials for your account. For information on retrieving these credentials, see Using the global REST API client credentials.
|
The To find the |
Create a customer connection
Creates a connection between your service and a customer.
PUT https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/<idpId>
Request parameters
| Parameter | Description | ||
|---|---|---|---|
|
An array of one or more unique application saasids. For example: ["6964005a-6270-4a88-9ddc-0e6a4e05e51d", "338821d7-dd17-469f-a3c1-8025a0112ebe"] If you include specific application values:
If you don’t include application values, creates a connection to all enabled applications with the specified idpId, as long as they are enabled and either multiplexed SAML or OIDC. |
||
|
If If |
||
|
The email address for the customer administrator. |
||
|
A unique identifier for the customer. See The |
||
|
A unique string used to identify the customer to us. |
||
|
The endpoint at the customer to which we will send SAML AuthnRequests.
|
||
|
The URL at the identity provider (IdP) to which PingOne sends SAML single logout (SLO) requests. |
||
|
The URL at the IdP to which PingOne sends SAML SLO responses. |
||
|
Determines which binding type PingOne uses to send SAML SLO requests. Valid values are If not specified, defaults to |
||
|
If If |
||
|
The public certificate for the customer’s signing certificate. The customer IdP uses this certificate to sign SAML assertions to PingOne. PingOne sees this as the verification certificate. |
||
|
The signing certificate fingerprint that PingOne uses to sign the AuthnRequest or SLO request to the customer IdP. You can find the fingerprint value by expanding the certificate details in the Setup → Certificates menu. For more information, see View certificate details. If not specified, designates the default signing certificate. |
||
|
If specified, sets signing algorithm to specified value. Valid values are:
If not specified, defaults to |
Status Codes Returned
| Status Code | Description |
|---|---|
|
The resource has been created. |
|
The request was invalid. An accompanying error message explains why. |
|
The request was understood, but has been refused. An accompanying error message explains why. |
|
No available application found with given parameters. |
|
The resource requested to be created already exists. |
Example
PUT https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/exampleIdp.com
{
"email": "admin@exampleIdp.com",
"entityId": "example Identity Provider",
"ssoEndpoint": "http://www.exampleIdp.com",
"signingCertificateData": "MIIDkDCCAvmgAwIBAgIJAONZ/Sh8jJVaMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzER\
nMA8GA1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZRXhhbXBsZSBJZGVu\
ndGl0eSBQcm92aWRlcjERMA8GA1UEAxMISm9obiBEb2UxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGV4\
nYW1wbGVJZHAuY29tMB4XDTExMTAyNjIyNDA1MFoXDTIxMTAyMzIyNDA1MFowgY0xCzAJBgNVBAYT\
nAlVTMREwDwYDVQQIEwhDb2xvcmFkbzEPMA0GA1UEBxMGRGVudmVyMSIwIAYDVQQKExlFeGFtcGxl\
nIElkZW50aXR5IFByb3ZpZGVyMREwDwYDVQQDEwhKb2huIERvZTEjMCEGCSqGSIb3DQEJARYUYWRt\
naW5AZXhhbXBsZUlkcC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMx6WsTrzwhi10De\
nPvvTa/Ndle2+3ZLePGXE/0v1qmm8Pji8l0czcg8ner56KBgnt2gnJ5xGrN51zBjZi7Qg2cL3A5cQ\
nErJdYNsc7Oedulmp6RnDInMX1sfn/kGc3L/zBdwrngQWv86vN3bawvtj5wYsc9OAG1+X1kQeDuyR\
ne/NlAgMBAAGjgfUwgfIwHQYDVR0OBBYEFMDDtN8tPSFrVtUWcpc0mbtsge9UMIHCBgNVHSMEgbow\
ngbeAFMDDtN8tPSFrVtUWcpc0mbtsge9UoYGTpIGQMIGNMQswCQYDVQQGEwJVUzERMA8GA1UECBMI\
nQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZRXhhbXBsZSBJZGVudGl0eSBQcm92\
naWRlcjERMA8GA1UEAxMISm9obiBEb2UxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGV4YW1wbGVJZHAu\
nY29tggkA41n9KHyMlVowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBqagX/ZasSD0NP\
nQnR3zDXAYJK87VO59mn21TLEYaKG9vcm+odQhc0XkwLR/PLMTv3GSV9dfC0F6QHogLpZe1W+oa7Q\
n+7Utasnsgs4Kfp0s2jQaPnUJRpGKXFPyOJ17RkjJgubKcYnX+vYV13tBDq4cIIm68dqZZqzaXDau\n0Z3h2Q==",
}
Get a Customer Connection
Returns all available information about a customer connection.
GET https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/<idpId>
Request Parameters
| Parameter | Description |
|---|---|
|
If the application connection exists, returns only that connection’s information. If no application matches the saasid, returns all connections with the same idpId. |
|
A unique identifier for the customer. See The |
Response Parameters
| Parameter | Description | ||
|---|---|---|---|
|
The email address for the customer administrator. |
||
|
A unique identifier for the customer. For more information, see The |
||
|
A unique string used to identify the customer to us. |
||
|
The endpoint at the customer to which we will send SAML AuthnRequests.
|
||
|
The customer’s public certificate for the customer’s signing certificate (encoded in MIME Base64). PingOne uses this to sign SAML assertions. |
||
|
Whether the connection is multiplexed. |
||
|
The URL to which the connection sends SLO requests. |
||
|
The URL at the IdP to which PingOne sends SAML SLO responses. |
||
|
The binding type the connection uses to send SLO requests. |
||
|
Whether the connection signs outgoing AuthnRequests. |
||
|
Which signing algorithm the connection uses to sign outgoing AuthnRequests. |
||
|
Not provided in the GET response. |
||
|
The customer connection status. Possible values are:
|
Status Codes Returned
| Status Code | Description |
|---|---|
|
The resource has been created. |
|
The request was invalid. An accompanying error message explains why. |
|
The request was understood, but has been refused. An accompanying error message explains why. |
|
No available application found with given parameters. |
|
The resource requested to be created already exists. |
Example
GET https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/exampleIdp.com
[
{
"email": "admin@exampleIdp.com",
"idpId": "exampleIdp.com",
"entityId": "example Identity Provider",
"ssoEndpoint": "http://www.exampleIdp.com",
"signingCertificate": "MIIDkDCCAvmgAwIBAgIJAONZ/Sh8jJVaMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzER\
nMA8GA1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZRXhhbXBsZSBJZGVu\
ndGl0eSBQcm92aWRlcjERMA8GA1UEAxMISm9obiBEb2UxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGV4\
nYW1wbGVJZHAuY29tMB4XDTExMTAyNjIyNDA1MFoXDTIxMTAyMzIyNDA1MFowgY0xCzAJBgNVBAYT\
nAlVTMREwDwYDVQQIEwhDb2xvcmFkbzEPMA0GA1UEBxMGRGVudmVyMSIwIAYDVQQKExlFeGFtcGxl\
nIElkZW50aXR5IFByb3ZpZGVyMREwDwYDVQQDEwhKb2huIERvZTEjMCEGCSqGSIb3DQEJARYUYWRt\
naW5AZXhhbXBsZUlkcC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMx6WsTrzwhi10De\
nPvvTa/Ndle2+3ZLePGXE/0v1qmm8Pji8l0czcg8ner56KBgnt2gnJ5xGrN51zBjZi7Qg2cL3A5cQ\
nErJdYNsc7Oedulmp6RnDInMX1sfn/kGc3L/zBdwrngQWv86vN3bawvtj5wYsc9OAG1+X1kQeDuyR\
ne/NlAgMBAAGjgfUwgfIwHQYDVR0OBBYEFMDDtN8tPSFrVtUWcpc0mbtsge9UMIHCBgNVHSMEgbow\
ngbeAFMDDtN8tPSFrVtUWcpc0mbtsge9UoYGTpIGQMIGNMQswCQYDVQQGEwJVUzERMA8GA1UECBMI\
nQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZRXhhbXBsZSBJZGVudGl0eSBQcm92\
naWRlcjERMA8GA1UEAxMISm9obiBEb2UxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGV4YW1wbGVJZHAu\
nY29tggkA41n9KHyMlVowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBqagX/ZasSD0NP\
nQnR3zDXAYJK87VO59mn21TLEYaKG9vcm+odQhc0XkwLR/PLMTv3GSV9dfC0F6QHogLpZe1W+oa7Q\
n+7Utasnsgs4Kfp0s2jQaPnUJRpGKXFPyOJ17RkjJgubKcYnX+vYV13tBDq4cIIm68dqZZqzaXDau\n0Z3h2Q==",
"status":"Active"
}
]
Update a Customer Connection
Updates a connection between your service and a customer. Optional parameters will be updated only if they are included in the request.
POST https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/<idpId>
Request Parameters
| Parameter | Description | ||
|---|---|---|---|
|
An array of one or more unique application saasids. For example: ["6964005a-6270-4a88-9ddc-0e6a4e05e51d", "338821d7-dd17-469f-a3c1-8025a0112ebe"] Updates connections to specified applications. If you don’t include application values, updates connections to all applications with the specified |
||
|
If If |
||
|
The email address for the customer administrator. |
||
|
A unique identifier for the customer. Will not return an error message, but will not update the idpId. |
||
|
A unique string used to identify the customer to us. |
||
|
The endpoint at the customer to which we will send SAML AuthnRequests.
|
||
|
The URL at the identity provider (IdP) to which PingOne sends SAML single logout (SLO) requests. If included and left blank ( |
||
|
The URL at the IdP to which PingOne sends SAML SLO responses. If included and left blank ( |
||
|
Determines which binding type PingOne uses to send SAML SLO requests. Valid values are |
||
|
If If |
||
|
The public certificate for the customer’s signing certificate. The customer IdP uses this certificate to sign SAML assertions to PingOne. PingOne sees this as the verification certificate. |
||
|
The signing certificate fingerprint that PingOne uses to sign the AuthnRequest or SLO request to the customer IdP. You can find the fingerprint value by expanding the certificate details at Setup → Certificates For more information, see View certificate details. |
||
|
If specified, sets signing algorithm to specified value. Valid values are:
|
Status Codes Returned
| Status Code | Description |
|---|---|
|
Success. |
|
The request was invalid. An accompanying error message explains why. |
|
The request was understood, but has been refused. An accompanying error message explains why. |
|
The requested URI is either invalid or the resource doesn’t exist. |
Example
PUT https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/exampleIdp.com
{
"email": "admin@exampleIdp.com",
"entityId": "example Identity Provider",
"ssoEndpoint": "http://www.exampleIdp.com",
"signingCertificateData": "MIIDkDCCAvmgAwIBAgIJAONZ/Sh8jJVaMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJVUzER\
nMA8GA1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZRXhhbXBsZSBJZGVu\
ndGl0eSBQcm92aWRlcjERMA8GA1UEAxMISm9obiBEb2UxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGV4\
nYW1wbGVJZHAuY29tMB4XDTExMTAyNjIyNDA1MFoXDTIxMTAyMzIyNDA1MFowgY0xCzAJBgNVBAYT\
nAlVTMREwDwYDVQQIEwhDb2xvcmFkbzEPMA0GA1UEBxMGRGVudmVyMSIwIAYDVQQKExlFeGFtcGxl\
nIElkZW50aXR5IFByb3ZpZGVyMREwDwYDVQQDEwhKb2huIERvZTEjMCEGCSqGSIb3DQEJARYUYWRt\
naW5AZXhhbXBsZUlkcC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMx6WsTrzwhi10De\
nPvvTa/Ndle2+3ZLePGXE/0v1qmm8Pji8l0czcg8ner56KBgnt2gnJ5xGrN51zBjZi7Qg2cL3A5cQ\
nErJdYNsc7Oedulmp6RnDInMX1sfn/kGc3L/zBdwrngQWv86vN3bawvtj5wYsc9OAG1+X1kQeDuyR\
ne/NlAgMBAAGjgfUwgfIwHQYDVR0OBBYEFMDDtN8tPSFrVtUWcpc0mbtsge9UMIHCBgNVHSMEgbow\
ngbeAFMDDtN8tPSFrVtUWcpc0mbtsge9UoYGTpIGQMIGNMQswCQYDVQQGEwJVUzERMA8GA1UECBMI\
nQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZRXhhbXBsZSBJZGVudGl0eSBQcm92\
naWRlcjERMA8GA1UEAxMISm9obiBEb2UxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGV4YW1wbGVJZHAu\
nY29tggkA41n9KHyMlVowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBqagX/ZasSD0NP\
nQnR3zDXAYJK87VO59mn21TLEYaKG9vcm+odQhc0XkwLR/PLMTv3GSV9dfC0F6QHogLpZe1W+oa7Q\
n+7Utasnsgs4Kfp0s2jQaPnUJRpGKXFPyOJ17RkjJgubKcYnX+vYV13tBDq4cIIm68dqZZqzaXDau\n0Z3h2Q==",
}
Disable a Customer Connection
Disables the customer connection and single sign-on (SSO) access.
POST https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/disable/<idpId>
Request Parameters
| Parameter | Description |
|---|---|
|
If you include specific saasid, changes only that connection. If you don’t include application values, changes connections to all applications with the specified idpId. |
Status Codes Returned
| Status Code | Description |
|---|---|
|
Success. |
|
The resource hasn’t been modified. There was no new data to return. |
|
The request was understood, but has been refused. An accompanying error message explains why. |
|
The requested URI is either invalid or the resource doesn’t exist. |
Example
POST https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/disable/exampleIdp.com
Enable a Customer Connection
Enables the customer connection and SSO access.
POST https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/enable/<idpId>
Request Parameters
| Parameter | Description |
|---|---|
|
If you include specific saasid, changes only that connection. If you don’t include application values, changes connections to all enabled applications with the specified idpId. |
Response Parameters
None.
Status Codes Returned
| Status Code | Description |
|---|---|
|
Success. |
|
The resource hasn’t been modified. There was no new data to return. |
|
The request was understood, but has been refused. An accompanying error message explains why. |
|
The requested URI is either invalid or the resource doesn’t exist. |
Delete a Customer Connection
Deletes all connections for an idpId.
DELETE https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/<idpid>
Request Parameters
| Parameter | Description |
|---|---|
|
If you include specific saasid, deletes only that connection. If you don’t include application values, deletes all connections with the specified idpId. |