Enabling IdP-initiated SSO - PingOne Cloud Platform - PingOne

In the external SAML identity provider, enable IdP-initiated SSO. The specifics of the configuration vary depending on the identity provider. See the identity provider documentation for more information.

  1. Configure the RelayState parameter to contain the applicationId when the IdP sends a SAML assertion to PingOne.
    Example: applicationId=bda4e692-84c2-4f90-8835-d28da695c748
    Note: For some applications, the applicationId is also known as the Client ID.

  2. Optionally, you can also include applicationUrl in the RelayState.
    Example: applicationId=bda4e692-84c2-4f90-8835-d28da695c748&applicationUrl=https://myapp.com/overview
    Note: The applicationUrl is used only when target_link_uri is not configured.

    The following is a sample request to the OIDC application.

    https://myapp.com/login?iss=https%3A%2F%2Fauth.pingone.com%2Fb18072d1-07a0-4771-8cb6-efa42700dc5b%2Fas&target_link_uri=https%3A%2F%2Fmyapp.com/overview

    If needed, you can include iss and target_link_uri parameters directly in the Initiate Login URI configuration. These parameters take precedence over the values for the PingOne application. For more information, see Initiating Login from a Third Party.
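The sample request above reaches the application as an unauthenticated GET, and OpenID Connect Core requires the client to verify target_link_uri so that it cannot be used as an open redirector. The following is an added example, not PingOne code, of how the application's login endpoint could check both parameters; the issuer and host come from the sample request, while `validate_initiate_login` and `DEFAULT_LANDING` are hypothetical names chosen for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Values copied from the sample request on this page.
EXPECTED_ISSUER = "https://auth.pingone.com/b18072d1-07a0-4771-8cb6-efa42700dc5b/as"
APP_SCHEME, APP_HOST = "https", "myapp.com"
DEFAULT_LANDING = "https://myapp.com/"  # assumption: fallback when no target is sent


def _single(query, name):
    """Return the only value of a query parameter, or None if it is absent."""
    values = query.get(name, [])
    if len(values) > 1:
        raise ValueError(f"duplicate parameter: {name}")
    return values[0] if values else None


def validate_initiate_login(request_url):
    """Return the safe post-login redirect target, or raise ValueError."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)

    # Only start a login flow for the issuer this application trusts.
    if _single(query, "iss") != EXPECTED_ISSUER:
        raise ValueError("unexpected or missing iss")

    target = _single(query, "target_link_uri")
    if target is None:
        return DEFAULT_LANDING

    # Browsers and urlsplit disagree on backslashes and control characters,
    # so refuse them before parsing instead of trusting either interpretation.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        raise ValueError("malformed target_link_uri")

    parts = urlsplit(target)
    same_origin = (
        parts.scheme == APP_SCHEME
        and parts.hostname == APP_HOST
        and parts.port in (None, 443)
        and parts.username is None
        and parts.password is None
    )
    if not same_origin:
        raise ValueError("target_link_uri is outside the application origin")
    return target
```

The same check applies when iss and target_link_uri are set directly in the Initiate Login URI, because the application cannot tell from the request alone where the values originated.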