Allow administrative users to single sign-on (SSO) to the PingData admin console from PingOne.
You need the following to complete this process:
- A configured PingData server. This server hosts the administrative console that is being configured for SSO.
- A PingOne for Customers account. For more information, see Getting started with PingOne for Customers.
- Access to the PingOne administration console. For more information, see Using the beta version of My Ping.
- In the PingOne administration console, add a link to the PingOne solutions home page.
- In the PingOne administration console, click Add Environment.
If you're adding PingDirectory Server or PingDataGovernance Server to an existing environment, click the name of an environment, click the Plus icon and click Add to add PingDirectory.
- To create an environment, on the Create Environment page, select from Customers, Workforce, or Custom.
- Select PingDirectory and PingOne for Customers.
- Click Next.
- Select It's already been deployed.
- In the Enter Admin URL field, enter https://<hostname>:<port>/console/login, replacing the bracketed variables with the PingData server's hostname and HTTP port.
- Click Next.
- In the Environment Name field, enter a name for this environment.
- Optional: In the Description field, enter a description for the environment.
- From the Region list, select your data center region.
- From the License list, select the license for this environment.
- Click Finish.
- To configure the matching administrator accounts for PingOne and the PingData server, go to the PingOne dashboard for the environment that will be used with the PingData server and repeat the following steps for each PingOne user for whom you want to enable SSO.
- In the PingOne administration console, on your environment line, click the PingOne icon.
- In PingOne, go to Identities.
- On the line of the administrative user you want to configure, click the Expand icon.
- Run the following dsconfig command against the PingData server, replacing the bracketed fields with the values of the administrative user.
  dsconfig create-root-dn-user --user-name <Username> \
      --set first-name:<Given Name> \
      --set last-name:<Family Name>
- Register the Administrative Console with PingOne.
- Go to Add an application - Web application and follow the instructions in the Add an OIDC application subsection.
- Enter the application properties as shown in the following table.
  Property            Value
  Application Name    PingData Administrative Console
  Description         Application for the PingData Administrative Console
  Redirect URLs       https://<hostname>:<port>/console/oidc/cb
  Attribute Mapping   'Username' = 'sub'
  Note: Fill in the bracketed values in Redirect URLs with your PingData server's hostname and HTTP port.
- Edit the listed properties for the newly created application so that the properties have the values shown in the following table, following the instructions in Edit an application - OIDC in the PingOne Administration Guide.
  Property                               Value
  Response Type                          Code
  Grant Type                             Authorization Code
  Token Endpoint Authentication Method   Client Secret Basic
- Record the values for the following application properties to use in later steps:
- Issuer
- Client ID
- Client Secret
- Create a copy of the PingDirectory/config/sample-dsconfig-batch-files/enable-pingone-admin-console-sso.dsconfig file, leaving the source file as-is.
- Open the copy of the file and replace the bracketed values with the Issuer, Client ID, and Client Secret values recorded from the application.
- Run the file using the following command.
  dsconfig --batch-file \
      enable-pingone-admin-console-sso-copy.dsconfig \
      --no-prompt
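As an added example that is not part of the Ping documentation or product, the following POSIX shell script automates the copy-and-replace steps above: it substitutes the Issuer, Client ID and Client Secret into the batch-file copy, creates that copy owner-readable only because it holds the client secret, and refuses to run dsconfig with --no-prompt while any bracketed placeholder remains. The placeholder spellings <Issuer>, <Client ID> and <Client Secret>, the environment variable names and the demo fragment are assumptions, not the sample file's real contents.

```shell
#!/bin/sh
# Added example (not a PingData tool or its sample file): fill the batch-file
# copy from environment variables and refuse to run it with --no-prompt while
# any <placeholder> is still unreplaced. Assumption: the sample file spells its
# placeholders <Issuer>, <Client ID> and <Client Secret>; adjust to match yours.
set -eu
# Escape the characters that are special in a sed replacement: \ & |
sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }

# fill_batch_file SAMPLE COPY ISSUER CLIENT_ID CLIENT_SECRET
# The copy holds the client secret, so it is created owner-readable only.
fill_batch_file() {
    umask 077
    sed -e "s|<Issuer>|$(sed_escape "$3")|g" \
        -e "s|<Client ID>|$(sed_escape "$4")|g" \
        -e "s|<Client Secret>|$(sed_escape "$5")|g" "$1" > "$2"
}

# leftover_placeholders FILE: print any <...> token left outside comment
# lines; return 1 if one was found, 0 if the file is fully filled in.
leftover_placeholders() {
    if grep -v '^#' "$1" | grep -o '<[^<>]*>'; then return 1; fi
    return 0
}

# demo: substitution and check on a constructed fragment (not the real sample
# file) without invoking dsconfig; prints the path of the filled copy.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed fragment, not the real sample file' \
        'example-command --set issuer:<Issuer>' \
        'example-command --set client-id:<Client ID> --set client-secret:<Client Secret>' \
        > "$dir/sample.dsconfig"
    fill_batch_file "$dir/sample.dsconfig" "$dir/copy.dsconfig" \
        'https://auth.pingone.com/ENV-ID/as' 'client-id-1' 'p@ss&w|rd'
    leftover_placeholders "$dir/copy.dsconfig"
    echo "$dir/copy.dsconfig"
}

# Real run: export PINGONE_ISSUER, PINGONE_CLIENT_ID and PINGONE_CLIENT_SECRET,
# then invoke with --run from the PingData server's install directory.
if [ "${1:-}" = "--run" ]; then
    copy=enable-pingone-admin-console-sso-copy.dsconfig
    fill_batch_file PingDirectory/config/sample-dsconfig-batch-files/enable-pingone-admin-console-sso.dsconfig \
        "$copy" "$PINGONE_ISSUER" "$PINGONE_CLIENT_ID" "$PINGONE_CLIENT_SECRET"
    leftover_placeholders "$copy" || { echo "placeholders remain in $copy" >&2; exit 1; }
    dsconfig --batch-file "$copy" --no-prompt
    rm -f "$copy"   # do not leave the client secret on disk
fi
```

Running the script without --run only exercises the constructed demo; with --run it performs the real substitution and deletes the filled copy after dsconfig has consumed it.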
- Click the link to the PingData server from the PingOne solutions home page.
  A PingOne sign-on page displays.
- Sign on using the administrative user credentials.
  The Administrative Console index page displays.