PingOne supports single sign-on (SSO) from an external SAML identity provider (IdP) to an application. If a user is already signed in with the IdP, they can access an application without having to sign in.
You’ll configure the application in PingOne, and then configure the IdP to reference the application for IdP-initiated SSO. For OpenID Connect (OIDC) applications, you must first complete the configuration steps in Configuring an OIDC application. For SAML applications, skip to Enabling IdP-initiated SSO.
You’ll need to configure the IdP to include the RelayState parameter with the target application ID when the IdP sends a SAML assertion to PingOne.
The following diagram shows the flow for an OIDC application: