You need the following to complete this process:

  1. In the PingOne administration console, add a link to the PingOne solutions home page.
    1. In the PingOne administration console, click Add Environment.

      If you're adding PingDirectory Server or PingDataGovernance Server to an existing environment, click the name of an environment, click the Plus icon and click Add to add PingDirectory.

    2. To create an environment, on the Create Environment page, select from Customers, Workforce, or Custom.
    3. Select PingDirectory and PingOne for Customers.
    4. Click Next.
    5. Select It's already been deployed.
    6. In the Enter Admin URL field, enter https://<hostname>:<port>/console/login, replacing the bracketed variables with the PingData server's hostname and HTTP port.
    7. Click Next.
    8. In the Environment Name field, enter a name for this environment.
    9. Optional: In the Description field, enter a description for the environment.
    10. From the Region list, select your data center region.
    11. From the License list, select the license for this environment.
    12. Click Finish.
  2. To configure the matching administrator accounts for PingOne and the PingData server, go to the PingOne dashboard for the environment that will be used with the PingData server and repeat the following steps for each PingOne user for whom you want to enable SSO.
    1. In the PingOne administration console, on your environment line, click the PingOne icon.
    2. In PingOne, go to Identities.
    3. On the line of the administrative user you want to configure, click the Expand icon.
    4. Run the following dsconfig command against the PingData server, replacing the bracketed fields with the values of the administrative user.
      dsconfig create-root-dn-user --user-name <Username> \
        --set first-name:<Given Name> \
        --set last-name:<Family Name>
  3. Register the Administrative Console with PingOne.
    1. Go to Add an application - Web application and follow the instructions in the Add an OIDC application subsection.
    2. Enter the application properties as shown in the following table.

    | Property | Value |
    |---|---|
    | Application Name | PingData Administrative Console |
    | Description | Application for the PingData Administrative Console |
    | Redirect URLs | https://<hostname>:<port>/console/oidc/cb |
    | Attribute Mapping | 'Username' = 'sub' |

    Note: Fill in the bracketed values in Redirect URLs with your PingData server's hostname and HTTP port.

  4. Edit the listed properties for the newly created application so that they have the values shown in the following table, following the instructions in Edit an application - OIDC in the PingOne Administration Guide.

    | Property | Value |
    |---|---|
    | Response Type | Code |
    | Grant Type | Authorization Code |
    | Token Endpoint Authentication Method | Client Secret Basic |

  5. Record the values for the following application properties to use in later steps:
    • Issuer
    • Client ID
    • Client Secret
  6. Create a copy of the PingDirectory/config/sample-dsconfig-batch-files/enable-pingone-admin-console-sso.dsconfig file, leaving the source file as-is.
  7. Open the copy of the file and replace the bracketed values with the values from step 5.
  8. Run the file using the following command.
    dsconfig --batch-file \
        enable-pingone-admin-console-sso-copy.dsconfig \
        --no-prompt
  9. Click the link to the PingData server from the PingOne solutions home page.
    A PingOne sign on page displays.
  10. Sign on using the administrative user credentials.
    The Administrative console index page displays.
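
As a pre-flight check before running the batch file in step 8, the following added example (not part of the PingDirectory or PingOne documentation) compares the Issuer recorded in step 5 and the Redirect URL from step 3 with the provider's OpenID Connect discovery metadata and the values in the two tables above. The function name, the sample metadata, and the example.com host names are assumptions; retrieving the metadata from the issuer is left out so the check runs offline.

```python
from urllib.parse import urlsplit

# Values this page prescribes for the PingOne application (steps 3 and 4).
REQUIRED = {
    "response_types_supported": "code",
    "grant_types_supported": "authorization_code",
    "token_endpoint_auth_methods_supported": "client_secret_basic",
}
# Defaults that OpenID Connect Discovery 1.0 assigns when a field is omitted.
SPEC_DEFAULTS = {
    "grant_types_supported": ["authorization_code", "implicit"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}
CALLBACK_PATH = "/console/oidc/cb"  # path of the Redirect URL in step 3


def check_sso_settings(discovery, issuer, redirect_url):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    # Issuers are compared as exact strings, so a trailing slash matters.
    if discovery.get("issuer") != issuer:
        problems.append("issuer mismatch")
    for field, wanted in REQUIRED.items():
        if wanted not in discovery.get(field, SPEC_DEFAULTS.get(field, [])):
            problems.append(f"{field} lacks {wanted}")
    # A leftover <hostname> or <port> means the template was not filled in.
    if "<" in redirect_url or ">" in redirect_url:
        problems.append("redirect URL still has a bracketed placeholder")
        return problems
    url = urlsplit(redirect_url)
    if url.scheme != "https":
        problems.append("redirect URL is not https")
    if url.path != CALLBACK_PATH or url.query or url.fragment:
        problems.append("redirect URL is not exactly " + CALLBACK_PATH)
    return problems


# Constructed sample metadata and host names, for illustration only.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/env-0000/as",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}

if __name__ == "__main__":
    print(check_sso_settings(SAMPLE_DISCOVERY, SAMPLE_DISCOVERY["issuer"],
                             "https://ds.example.com:8443/console/oidc/cb"))
```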