The single sign-on (SSO) method is significantly more secure than the password authentication method. At this time, OpenID Connect (OIDC) is used for SSO.
To set up SSO:
For each single sign-on (SSO) user, a local PingCentral user is auto-provisioned the first time they sign on with information obtained from the subject (sub) claim provided by the OpenID provider.
The user’s first name, last name, and role are also recorded. PingCentral derives the user's name from the given_name and family_name claims defined by the profile scope.
If first-time access to PingCentral is with API access using a bearer token, auto-provisioning occurs if the user's name and role are available. For performance reasons, subsequent bearer token access doesn't update the local user information, such as first name and last name.
Although PingCentral administrators can modify or delete auto-provisioned users, doing so results in the SSO user being auto-provisioned again. Because the provisioning process generates a new PingCentral user ID, any application associations with the previous user ID will be lost.