With PingCentral, single sign-on (SSO) is disabled by default.
To configure PingCentral for SSO:
- Enable SSO.
- Configure properties to access OIDC configuration information.
- Define an OAuth client at the OpenID provider.
- Configure role mapping.
After completing these steps, configure the resource server.
Enabling SSO for PingCentral
Configuring OIDC for PingCentral
Defining the OAuth client for PingCentral
Define an OAuth client for PingCentral at the OpenID provider.
Configuring PingCentral role mapping
In PingCentral, two user roles are defined: the IAM Administrator and the Application Owner. An initial IAM Administrator is created by default and can add other users to PingCentral and assign them to the appropriate role.
When SSO is enabled, the OpenID Provider must indicate the role with a claim defined in the ID token or UserInfo endpoint. If this claim isn't found, or its value is nonsensical, the user is denied access to PingCentral, and auto-provisioning doesn't occur.
With , an attribute can be mapped into the appropriate claim. To configure role mapping:
pingcentral.sso.oidc.role-claim-name=UserRole
pingcentral.sso.oidc.role-claim-value-admin=Admin
pingcentral.sso.oidc.role-claim-value-app-owner=Developer
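
A pre-flight check for the role mapping above, added here as an example (it is not PingCentral's own code): it reads the three properties and reports which role, if any, a given set of ID token or UserInfo claims would resolve to. The ID-token-before-UserInfo lookup order, the exact case-sensitive match, and the rejection of non-string values are assumptions, and the sample tokens are constructed and unsigned.

```python
import base64
import json

# Properties exactly as shown on this page.
PROPERTIES = """\
pingcentral.sso.oidc.role-claim-name=UserRole
pingcentral.sso.oidc.role-claim-value-admin=Admin
pingcentral.sso.oidc.role-claim-value-app-owner=Developer
"""
PREFIX = "pingcentral.sso.oidc.role-claim-"

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def jwt_claims(token):
    """Decode a compact JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve_role(props, id_token_claims, userinfo=None):
    """Return 'IAM Administrator', 'Application Owner', or None (access denied)."""
    name = props[PREFIX + "name"]
    roles = {props[PREFIX + "value-admin"]: "IAM Administrator",
             props[PREFIX + "value-app-owner"]: "Application Owner"}
    # Assumption: the ID token is consulted first, then the UserInfo response.
    value = id_token_claims.get(name, (userinfo or {}).get(name))
    # Assumption: exact, case-sensitive string match; anything else is denied.
    return roles.get(value) if isinstance(value, str) else None

def sample_token(claims):
    """Build a constructed, unsigned token so the demo runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    props = parse_properties(PROPERTIES)
    for claims in ({"sub": "alice", "UserRole": "Admin"},
                   {"sub": "bob", "UserRole": "admin"}, {"sub": "carol"}):
        role = resolve_role(props, jwt_claims(sample_token(claims)))
        print(claims["sub"], "->", role or "DENIED (no auto-provisioning)")
```

Running it against a token captured from a test login shows whether the OpenID Provider emits the claim name and values the properties expect before SSO is enabled for all users.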