- In PingOne, add a new attribute to PingFederate administrator roles:
- Go to Directory > User Attributes, and click the Add Attribute button.
The Select Attribute Type page opens.
- On the Select Attribute Type page, select Declared, and then click Next.
Declared attributes maintain the values of the claims that authorize access to other products.
- On the Set Attribute Properties page, enter the following information:
- Name: PingCentral-Role (this value is case sensitive)
- Display name: PingCentral Role
- Description (Optional): Enter a brief description of this attribute that distinguishes it from others.
- Click Save and Close.
- Create a new connection:
- Go to Applications > Applications, and click the + icon.
The Add Application panel opens.
- In the Name and Describe Application section, enter the following information:
- Application name: the PingOne administration console SSO PingCentral (or another name that helps you recognize this connection).
- Description (Optional): Enter a brief description of this application that distinguishes it from others.
- In the Choose Application Type section, select OIDC Web App, and then click Save.
- In the application details panel, click the Configuration tab, and then click the pencil icon.
- Locate the Redirect URIs field and enter the appropriate URL.
For example, https://<FQDNofServer>:9022/login/oauth2/code/pingcentral, where <FQDNofServer> is either the machine name or fully qualified domain name of your PingCentral server, such as https://localhost:9022/login/oauth2/code/pingcentral.
- Click Save.
- Click the Resources tab, and then click the pencil icon.
- In the Scopes list, locate Profile scope. Click the + icon to add it to the Allowed Scopes section.
Note: The openid scope is included by default.
- Click Save.
- Click the Attribute Mapping tab, and then click the pencil icon.
- Click the + Add button and add the following attribute mappings.

| Attributes | PingOne Mapping |
| --- | --- |
| PingCentral Role | PingCentral-Role (this option is case sensitive) |

- Click the Advanced Configurations button.
- For the PingCentral Role attribute, select the Required check box.
- Click Save.
- To enable the application, click the toggle switch to the on (blue) position.
- Add a new PingCentral administrator and define their role and responsibilities.
- Go to Directory > Users, and click the + icon.
- On the Add User panel, enter the following information:
- Given Name and Family Name: Enter the user's name in these fields.
- Username: Enter a username for the PingCentral administrator who has the IAM-Admin role.
Note: Username is the only required field.
- Click Save.
- In the user details panel, click the Roles > Administrator Roles tab and click the Grant Roles button.
- In Available Responsibilities, click Client Application Developer and select checkboxes for the organizations and environments where the administrator should have this role.
- Click Identity Data Admin and select checkboxes for the organizations and environments where the administrator should have this role.
- In the More Options menu (three dots), click Reset Password.
- Select Force Password reset on next sign on.
- Click Save.
- Select Applications > Applications, and locate the application you created earlier.
- Click the application entry to open the details panel.
- Click the Configuration tab and review the configuration information.
You need this configuration property information to configure PingCentral for SSO, so keep this browser window open.
To continue the configuration, see Configuring PingCentral.
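
OpenID Connect matches the redirect_uri in a sign-on request against the registered Redirect URIs by exact string comparison, so a value registered with localhost does not match a server reached by its FQDN. The check below is an added example, not part of the original page or of Ping Identity's tooling; the function name and the host pingcentral.example.com are constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback path taken from the page's example redirect URI.
CALLBACK_PATH = "/login/oauth2/code/pingcentral"


def check_redirect_uri(registered, sent):
    """Return a list of problems; an empty list means the two URIs match.

    registered: value typed into the Redirect URIs field.
    sent: redirect_uri the PingCentral server uses in its sign-on request.
    """
    problems = []
    reg, req = urlsplit(registered), urlsplit(sent)

    # Hygiene checks on the registered value (this example's own policy).
    if reg.scheme != "https":
        problems.append("registered URI does not use https")
    if reg.fragment or "*" in registered:
        problems.append("registered URI contains a fragment or wildcard")
    if reg.path != CALLBACK_PATH:
        problems.append(f"registered path is {reg.path!r}, expected {CALLBACK_PATH!r}")

    # Exact string comparison decides the match; name the part that differs.
    if registered != sent:
        diffs = [
            f"{part} differs: registered {getattr(reg, part)!r}, sent {getattr(req, part)!r}"
            for part in ("scheme", "hostname", "port", "path", "query")
            if getattr(reg, part) != getattr(req, part)
        ]
        # urlsplit lowercases the host, so a case-only mismatch shows no part diff.
        problems += diffs or ["URIs differ only in letter case or formatting"]
    return problems


if __name__ == "__main__":
    # Constructed sample values: registered with localhost, server reached by FQDN.
    registered = "https://localhost:9022" + CALLBACK_PATH
    sent = "https://pingcentral.example.com:9022" + CALLBACK_PATH
    for problem in check_redirect_uri(registered, sent) or ["match"]:
        print(problem)
```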