Ensure that you have:

  • A PingDirectory server that accepts LDAPS connections.

    This server will host the admin console that is being configured for SSO.

  • The host name and port for the PingDirectory server.
  • A PingOne account.

    For more information, see Getting started with PingOne SSO.

  • A PingOne environment that includes PingDirectory. Learn more in Adding an environment and Adding a service to an environment.

    When creating a new environment for this purpose, select Customer solution for the environment type.


You can use groups to organize user identities, as explained in Groups. You can also set access to applications, as explained in Application access control.

During this process, you'll:

  • Set up matching users between PingOne and the PingDirectory environments that allows the server's All Admin Users identity mapper to map the PingOne ID token to a Directory Server LDAP user.
  • Set up the OpenID Connect application in PingOne.
  • Configure the PingOne console and the PingDirectory server.