1. In PingOne, go to Applications > Applications.
  2. Click the application you created to open the details panel.
  3. Click the Configuration tab and copy the following values to a secure location:
    • Issuer
    • Client ID
    • Client Secret
  4. Locate the PingDirectory config file at:
    PingDirectory/config/sample-dsconfig-batch-files/enable-pingone-admin-console-sso.dsconfig
  5. Make a copy of the config file and leave the original file intact.
  6. Open the copy of the config file in a text editor.
  7. Replace the placeholder variables (shown in angle brackets) with the values you copied from PingOne:
    # Create an ID token validator suitable for verifying ID tokens generated
    # by the PingOne service. The "All Admin Users" identity mapper will be used
    # to match users that authenticate with PingOne to either root DN users or
    # topology admin users defined in the server configuration.
    dsconfig create-id-token-validator \
    --validator-name "PingOne ID Token Validator" \
    --type ping-one \
    --set enabled:true \
    --set "identity-mapper:All Admin Users" \
    --set evaluation-order-index:1 \
    --set issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>
    
    [...]
    
    # Configure the Administrative Console with your application's client
    # credentials and issuer URI.
    dsconfig set-web-application-extension-prop \
    --extension-name Console \
    --set sso-enabled:true \
    --set oidc-client-id:<PING_ONE_APPLICATION_CLIENT_ID> \
    --set oidc-client-secret:<PING_ONE_APPLICATION_CLIENT_SECRET> \
    --set oidc-issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>
  8. Run the following dsconfig command:
    dsconfig --batch-file \
        enable-pingone-admin-console-sso-copy.dsconfig \
        --no-prompt
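
One way to carry out steps 5 to 7 so that the client secret never appears on a command line or in shell history, as an added example that is not part of the Ping Identity documentation. The function name `render_sso_batch` and the environment variable names `PING_ONE_ISSUER`, `PING_ONE_CLIENT_ID` and `PING_ONE_CLIENT_SECRET` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: render a copy of the sample batch file with the PingOne values.
# Values are read from exported environment variables (assumed names), so the
# secret is not passed as a command-line argument.

render_sso_batch() {
    template=$1
    output=$2
    for v in PING_ONE_ISSUER PING_ONE_CLIENT_ID PING_ONE_CLIENT_SECRET; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing $v" >&2; return 2; }
    done
    # Create the copy empty and owner-only before the secret is written to it.
    : > "$output" && chmod 600 "$output" || return 1
    # Literal (non-regex) replacement, so '&', '/' or '|' in a value is safe.
    awk '
        function fill(line, token, value,   i, out) {
            out = ""
            while ((i = index(line, token)) > 0) {
                out = out substr(line, 1, i - 1) value
                line = substr(line, i + length(token))
            }
            return out line
        }
        {
            $0 = fill($0, "<PING_ONE_APPLICATION_ISSUER_URL>", ENVIRON["PING_ONE_ISSUER"])
            $0 = fill($0, "<PING_ONE_APPLICATION_CLIENT_ID>", ENVIRON["PING_ONE_CLIENT_ID"])
            $0 = fill($0, "<PING_ONE_APPLICATION_CLIENT_SECRET>", ENVIRON["PING_ONE_CLIENT_SECRET"])
            print
        }' "$template" > "$output" || return 1
    # Fail if any <PING_ONE_APPLICATION_...> placeholder is still unfilled.
    if grep -q '<PING_ONE_APPLICATION_[A-Z_]*>' "$output"; then
        echo "unfilled placeholder in $output" >&2
        return 3
    fi
}

# Usage: sh render.sh <sample .dsconfig file> <copy to create>
if [ "$#" -eq 2 ]; then
    render_sso_batch "$1" "$2"
fi
```

The rendered copy holds the client secret in clear text, so remove it once the batch file in step 8 has been applied.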