  1. Sign on to PingOne.
  2. Add DaVinci as an OIDC identity provider according to the PingOne documentation.
    1. For the Connection Details, use the values that you noted in Creating an application:
      • Client ID
      • Client Secret
    2. In the Discovery Document URI field, enter the well-known endpoint to configure the discovery detail values. The format is:
      https://auth.pingone.com/<EnvironmentID>/davinci/.well-known/openid-configuration
    3. In the Requested Scopes field, add a scope for each entity you want to import from the PingOne flow. The format for these scopes is:

      p1FlowRequest:<parent entity>.<entity>

      The entity name and parent entities are determined by the object request schema documented above. For example, to make the remote IP available, add the scope p1FlowRequest:http.remoteIp.

      You can add the p1FlowRequest scope to make all entities from the PingOne flow available, but this can sometimes result in request size errors.

    Note:

    Do not configure the User Information Endpoint.

  3. Create the authorization endpoint using the following structure:
    https://<domain>/v1/auth/<companyID>/policy/<policyID>/authorize

    Use the values that you noted in the previous procedure:

    • Company ID
    • Policy ID
  4. Create the external IdP sign-on policy step according to the PingOne documentation.
    1. In the External Identity Provider list, select the external IdP application you created in step 1.
    2. In the Required Authentication Level field, enter policyId-<your policy ID>. For example, policyId-69b043b9edeb60b6c1945617ab1b4fae.
    3. Select Pass user context to provider.
    4. Select the external IdP application, and then click Save to save your changes.
  5. Create an application in PingOne and assign the sign-on policy step to that application according to the PingOne documentation.
  6. Copy the Callback URL for the external IdP in PingOne.
  7. Optional: Copy the JWKS information to enable PingOne context information to be used by DaVinci.
    1. Copy the PingOne Application JWKS URL.
    2. Access the JWKS URL and copy the complete JWKS key.
  8. Sign on to DaVinci.
  9. Click the Applications tab.
  10. Find the application that you previously created and click Edit.
  11. Click the OIDC tab, and then add the copied callback URL value to the Redirect URLs field.
  12. Optional: Enter the JWKS information to enable DaVinci to use context information from PingOne within flows.
    1. Click Applications.
    2. Open your application.
    3. Click the OIDC tab.
    4. In the Service Provider (SP) JWKS URL field, enter the JWKS URL.
    5. In the Service Provider (SP) JWKS Keys to Verify Authorization Request Signature field, enter the JWKS key.
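
Before entering the JWKS copied in step 7 into the field in step 12, you can check that the copy is complete and holds only public signing keys. The following is an added example, not part of the Ping Identity documentation; the function name check_jwks and both sample documents are constructed for illustration.

```python
import json

# Private-key members (RFC 7518): RSA/EC "d", RSA "p","q","dp","dq","qi","oth",
# and symmetric "k". None belong in a JWKS shared for signature verification.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
# Public members each asymmetric key type must carry (RFC 7518, RFC 8037).
REQUIRED = {"RSA": {"n", "e"}, "EC": {"crv", "x", "y"}, "OKP": {"crv", "x"}}


def check_jwks(text):
    """Return a list of problems in a copied JWKS document (empty list = OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (incomplete copy?): {exc.msg}"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ['expected an object with a non-empty "keys" array']
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            problems.append(f"keys[{i}]: not a JSON object")
            continue
        members = set(key)
        kty = key.get("kty")
        if not isinstance(kty, str) or kty not in REQUIRED:
            problems.append(f"keys[{i}]: kty {kty!r} is not an asymmetric key type")
        elif REQUIRED[kty] - members:
            missing = sorted(REQUIRED[kty] - members)
            problems.append(f"keys[{i}]: missing public members {missing}")
        leaked = sorted(PRIVATE_MEMBERS & members)
        if leaked:
            problems.append(f"keys[{i}]: private key members present {leaked}")
        # This field verifies request signatures, so an "enc" key is out of place.
        if key.get("use", "sig") != "sig":
            problems.append(f"keys[{i}]: use is {key['use']!r}, not 'sig'")
    return problems


# Constructed samples (placeholder values, not real key material).
PUBLIC_ONLY = '{"keys":[{"kty":"RSA","kid":"example-1","use":"sig","n":"u1SU1LfVLPHC","e":"AQAB"}]}'
WITH_PRIVATE = '{"keys":[{"kty":"RSA","kid":"example-2","n":"u1SU1LfVLPHC","e":"AQAB","d":"Eq5xpGnN"}]}'

if __name__ == "__main__":
    for name, sample in (("PUBLIC_ONLY", PUBLIC_ONLY), ("WITH_PRIVATE", WITH_PRIVATE)):
        print(name, check_jwks(sample) or "OK")
```

The check covers structure only; it does not confirm that the keys are the ones your PingOne application actually signs with.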