What is an idpId?
Learn about the idpId
parameter and how it’s used in PingOne SSO for SaaS Apps.
The idpId
parameter is a unique value that identifies a customer organization to your software as a service (SaaS) application.
The idpId
represents a unique identity provider (IdP) configuration for a given customer. The same IdP configuration is applied across all connections that share an idpId
within your PingOne SSO for SaaS Apps account.
Once set, the idpId
value can’t be changed. You can change the configuration that is used by the idpId
, which will update all connections using that idpId
.
If your IdP partner has separate environments for testing and production, create a different If your IdP partner has only one environment, but you want separate application connections for test and production, create test and production versions of your application, and use the same |
The idpId
parameter is used in three application workflows:
-
When you add a connection, you are required to provide an
idpId
.For more information, see:
-
When you redirect users from your application to PingOne for Enterprise to initiate single sign-on (SSO), you must tell PingOne for Enterprise which
idpId
to use.For more information, see Redirect users to PingOne SSO for SaaS Apps (SP-initiated SSO).
-
When the user returns to your application with either a token or a SAML assertion, PingOne SSO for SaaS Apps includes the
idpId
in the user data for you to use in creating a user session.For more information, see Process the PingOne SSO for SaaS Apps token exchange.
Most applications should use the domain name as an idpId
value because it’s a common way of uniquely identifying a domain of users.
However, if your application doesn’t include a domain name, can’t guarantee the domain name’s uniqueness, or if you already have a scheme for identifying an organization in your application (for example, by company name or UUID), you can assign any value. The idpId
is ultimately for your application to consume.
idpId
is used during single sign-on (SSO) to identify which IdP connection/configuration to use. If the idpId
is not specified, the user will be prompted to perform IdP discovery based on their email domain. For more information on configuring email domains for idpId
discovery, see Edit an invited customer connection and Edit a managed customer connection.
For more information about finding an existing idpId
value, see Finding the idpId
value.
The PingOne for Enterprise test identity provider will automatically be added to your application with a random GUID as the |