Page created: 17 Nov 2022
|
Page updated: 9 Jan 2023
| 2 min read
PingOne Cloud Platform PingOne Product
To configure PingOne for SSO in PingAccess:
-
In PingOne, create a new
connection:
-
Go to Connections > Applications, and click the + icon.
The Add Application panel opens.
-
In the Name and Describe Application section,
enter the following information:
- Application name: the PingOne administration console SSO PingAccess (or another name that helps you recognize this connection).
- Description (Optional): Enter a brief description of this application that distinguishes it from others.
- In the Choose Application Type section, select OIDC Web App, and then click Save.
- In the application details panel, click the Configuration tab, and then click the Pencil icon.
-
Locate the Redirect URIs field and enter the
appropriate URL.
For example, https://<FQDNofPAServer>:9000/pa/oidc/cb, where <FQDNofServer> is the machine name or fully qualified domain name of your PingAccess server, such ashttps://localhost:9000/pa/oidc/cb.
- Click Save.
- Click the Resources tab, and then click the Pencil icon.
-
In the Scopes list, locate the
Profile scope, and then click the
+ icon to add to the Allowed
Scopes section
- Click Save.
- Click the Attribute Mapping tab, and then click the Pencil icon.
-
Click the + Add button and add the following
attribute mappings.
Attributes PingOne Mapping PingFed Admin Roles
pf_admin_roles
- Click the Advanced Configurations button.
- For the attributes you just mapped, click the Required check box.
- Click Save.
-
Go to Connections > Applications, and click the + icon.
- To enable the application, click the toggle switch to the on (blue) position.
-
Add a new PingFederate
administrator and define their role and responsibilities.
Note:
If you already added an administrator when you set up SSO to PingFederate (Configuring PingOne, step 5), skip this step.
- Go to Identities > Users, and click the + icon.
-
On the Add User panel, enter a user name for the
PingFederate
administrator that has the
fullAdmin
role. - Click Save.
- In the user details panel, click the Roles tab, and then click the Grant Roles button.
-
In the Available Responsibilities, select
PingFederate Administrators and
PingFederate User Administrator.
- Click Save.
- In the More Options menu (three dots), click Reset Password.
- Select Force password reset on next sign on.
- Click Save.
- Select Connections > Applications and locate the application you created earlier.
- Click the application entry to open the details panel.
-
Click the Configurations tab and review the
configuration information.
You need this configuration property information to configure PingAccess for SSO, so you might want to keep this browser window open.
To continue the configuration, see Configuring PingAccess.