Ensure that you have:

  • A PingDirectory server that accepts LDAPS connections

    This server will host the admin console that is being configured for SSO.

  • The hostname and port for the PingDirectory server.
  • A PingOne account.

    For more information, see Getting started with PingOne SSO.


You can use groups to organize user identities, as explained in Groups. You can also set access to applications, as explained in Application access control.

During this process, you will:

  • Set up matching users between PingOne and the PingDirectory environments that allows the server's All Admin Users identity mapper to map the PingOne ID token to a Directory Server LDAP user.
  • Set up the OpenID Connect (OIDC) application in PingOne.
  • Configure the PingOne console and the PingDirectory server.