Configure DaVinci as an external identity provider (IdP) in PingOne.
- Sign on to PingOne.
- Add DaVinci as an OIDC identity provider according to the PingOne documentation.
  - For the Connection Details, use the values that you noted in Creating an application:
    - Client ID
    - Client Secret
  - In the Discovery Document URI field, enter the well-known endpoint to configure the discovery detail values. The format is:
    https://auth.pingone.com/<EnvironmentID>/davinci/.well-known/openid-configuration
  - In the Requested Scopes field, add a scope for each entity you want to import from the PingOne flow. The format for these scopes is:
    p1FlowRequest:<parent entity>.<entity>
    The entity name and parent entities are determined by the object request schema documented above. For example, to make the remote IP available, add the scope p1FlowRequest:http.remoteIp. You can add the p1FlowRequest scope to make all entities from the PingOne flow available, but this can sometimes result in request size errors.
    Note: Do not configure the User Information Endpoint.
  - Create the authorization endpoint using the following structure:
    https://<domain>/v1/auth/<companyID>/policy/<policyID>/authorize
    Use the values that you noted in the previous procedure:
    - Company ID
    - Policy ID
- Create the external IdP sign-on policy step according to the PingOne documentation.
  - In the External Identity Provider list, select the external IdP application you created in step 1.
  - In the Required Authentication Level field, enter policyId-<your policy ID>. For example, policyId-69b043b9edeb60b6c1945617ab1b4fae.
  - Select Pass user context to provider.
  - Select the external IdP application, and then click Save to save your changes.
- Create an application in PingOne and assign the sign-on policy step to that application according to the PingOne documentation.
- Copy the Callback URL for the external IdP in PingOne.
- Optional: Copy the JWKS information to enable PingOne context information to be used by DaVinci.
  - Copy the PingOne Application JWKS URL.
  - Access the JWKS URL and copy the complete JWKS key.
- Sign on to DaVinci.
- Click the Applications tab.
- Find the application that you previously created and click Edit.
- Click the OIDC tab, and then add the copied callback URL value to the Redirect URLs field.
- Optional: Enter the JWKS information to enable DaVinci to use context information from PingOne within flows.
  - Click Applications.
  - Open your application.
  - Click the OIDC tab.
  - In the Service Provider (SP) JWKS URL field, enter the JWKS URL.
  - In the Service Provider (SP) JWKS Keys to Verify Authorization Request Signature field, enter the JWKS key.
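As an added pre-flight check that is not part of Ping Identity's documentation or the DaVinci product, the following Python helper builds the values this procedure asks for and flags two configuration mistakes: a Requested Scopes list that falls back to the catch-all p1FlowRequest scope (or contains a malformed scope), and a copied JWKS whose keys cannot be used to verify the authorization request signature. The regular expression for scope names and the SAMPLE_JWKS value are assumptions.

```python
import json
import re

# Requested Scopes format from the page: p1FlowRequest:<parent entity>.<entity>
SCOPE_RE = re.compile(r"^p1FlowRequest:[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)+$")


def discovery_uri(environment_id: str) -> str:
    """Discovery Document URI, in the format the page gives."""
    return f"https://auth.pingone.com/{environment_id}/davinci/.well-known/openid-configuration"


def authorization_endpoint(domain: str, company_id: str, policy_id: str) -> str:
    """Authorization endpoint, in the structure the page gives."""
    return f"https://{domain}/v1/auth/{company_id}/policy/{policy_id}/authorize"


def required_auth_level(policy_id: str) -> str:
    return f"policyId-{policy_id}"  # Required Authentication Level for the policy step


def check_scopes(scopes):
    """Return warnings for malformed scopes and for the catch-all p1FlowRequest scope."""
    warnings = []
    for scope in scopes:
        if scope == "p1FlowRequest":
            warnings.append("p1FlowRequest exposes every flow entity; can cause request size errors")
        elif not SCOPE_RE.match(scope):
            warnings.append(f"malformed scope: {scope}")
    return warnings  # empty list: every scope names exactly one flow entity


def signing_kids(jwks_json: str):
    """Return kids of JWKS keys usable to verify the authorization request signature."""
    # Keys missing kty or kid, or marked for encryption, are skipped so that a JWKS
    # truncated or mixed up while copying is caught before it is pasted into DaVinci.
    kids = []
    for key in json.loads(jwks_json).get("keys", []):
        if "kty" in key and "kid" in key and key.get("use", "sig") == "sig":
            kids.append(key["kid"])
    return kids


# Constructed sample JWKS (not from a real environment); key material is placeholder text.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "sample-sig-1", "use": "sig", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "kid": "sample-enc-1", "use": "enc", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA"},
]})
```

Run check_scopes on the scope list before saving the IdP and signing_kids on the JWKS you fetched; an empty kid list means the copied key set is not usable for signature verification.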