• You must first enable identity provider (IdP)-initiated sign on.
  1. Enable PingOne authentication in Salesforce.
    1. Sign on to your Salesforce domain as an administrator.
    2. Click the Gear icon, then go to Setup > Company Settings > My Domain.

      Screen capture of the Salesforce Settings menu with the My Domain tab highlighted.
    3. Make a note of your domain name, for example, https://<yourcompany>.my.salesforce.com
    4. In the Authentication Configuration section, click Edit.

      Screen capture of the Salesforce Authentication Configuration page with the Edit button highlighted in red.
    5. In the Authentication Service list, select PingOne. Click Save.

      Screen capture of the Salesforce Authentication Configuration fields with the Save button and the Authentication Service pingone check box highlighted in red

      This entry was created as a result of the IdP-initiated sign on task.

      Configuration is complete.


      Salesforce will now redirect to PingOne for authentication of all new sessions. You should also select the Login Form check box during the testing phase in case of authentication issues.

      Testers will be offered the option of the standard Salesforce login form or PingOne authentication.

      After you've successfully tested authentication against, you can clear the Login Form check box so that authentication automatically defaults to PingOne.

  2. Test the PingOne SP-initiated SSO integration:
    1. Go to your Salesforce domain.

      If the Login Form check box is still selected, the Salesforce sign on screen still displays, and you're offered a choice of Salesforce sign on or PingOne sign, select PingOne.

      If you've cleared the Login Form check box, you're not offered a choice.

    2. When you are redirected to PingOne, enter your PingOne username and password.

      After successful authentication, you're redirected back to Salesforce.

      Screen capture of the Salesforce domain home page.