To set up SSO:

  1. Configure SSO for PingCentral
  2. Configure the resource server
  3. Configure the OpenID provider

Note: When SSO access to PingCentral is configured, administrators cannot assign applications to application owners before they access PingCentral. After application owners sign on to PingCentral, administrators can access their account information and assign applications to them.

Auto-provisioned users

For each SSO user, a local user is auto-provisioned the first time they sign on, using information obtained from the subject (sub) claim provided by the OpenID provider.

The user’s first name, last name, and role are also recorded. PingCentral derives the user's name from the given_name and family_name claims defined by the profile scope.

If a user's first access to PingCentral is an API call that uses a bearer token, auto-provisioning occurs if the user's name and role are available. For performance reasons, subsequent bearer token access doesn't update the local user information, such as first name and last name.
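A pre-flight check for the claims described above, added here as an example (it is not PingCentral code): it decodes a token's payload and lists which of sub, given_name, family_name, and the role claim are missing before a first sign-on or first bearer-token call. The role claim name `role`, the function names, and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Claims named on this page: "sub" plus the profile-scope name claims.
REQUIRED = ("sub", "given_name", "family_name")


def decode_payload(jwt):
    """Return a compact JWT's claims WITHOUT verifying the signature.

    Diagnostic use only: never make an access decision on this output.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def provisioning_gaps(claims, role_claim="role"):
    """List the claims that are absent or empty, in a fixed order.

    role_claim is an assumption: use the claim your deployment maps to roles.
    """
    gaps = []
    for name in REQUIRED + (role_claim,):
        value = claims.get(name)
        if isinstance(value, str):
            value = value.strip()
        if not value:  # None, "" and [] all count as missing
            gaps.append(name)
    return gaps


def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([enc(header), enc(claims), "constructed-signature"])


COMPLETE = constructed_token({"sub": "u-1001", "given_name": "Ada",
                              "family_name": "Lopez", "role": "ExampleRole"})
NO_PROFILE_SCOPE = constructed_token({"sub": "u-1002", "role": ["ExampleRole"]})

if __name__ == "__main__":
    for label, tok in (("complete", COMPLETE), ("no profile", NO_PROFILE_SCOPE)):
        print(label, "->", provisioning_gaps(decode_payload(tok)) or "ready")
```

A token issued without the profile scope shows up here as missing given_name and family_name, which matters most for bearer-token access because the local record is not refreshed on later calls.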

Although administrators can modify or delete auto-provisioned users, doing so results in the SSO user being auto-provisioned again. Because the provisioning process generates a new user ID, any application associations with the previous user ID will be lost.