Creating a web application - PingOne Cloud Platform - PingOne

PingOne Cloud Platform

PingOne Cloud Platform
PingOne Cloud Platform
Product documentation
Guide > Administrator Guide

A web application is a browser-based application with a server-side component, such as .NET web apps, JSP/Java, Node.js, or Ruby on Rails.

Web applications typically have functions similar to desktop applications. Web applications can use SAML or OpenID Connect (OIDC) for authentication.

A web application includes the following configuration.

Create App Profile

The application name and description.


The application's redirect URL.

Grant Access

To your application (for your customers to trigger authentication requests).

Attribute Mapping

Map your PingOne user-defined attributes to the corresponding application attributes, for accessibility between users and your app.

Every user authentication event occurs in the context of a SAML or OIDC application. When you invoke multi-factor authentication (MFA) through an OIDC request, you'll need to provide a client ID, which is the ID of your web application.

A worker app is used to make backend calls. In contrast, a web app (or native app or single page app) is required for invoking an authentication flow.

Creating a web application console

  1. In the PingOne admin console, go to Applications > Applications.
  2. Click +.
    The Add Application panel will pop up.
  3. Enter an appropriate Application Name and a Description.

    For example, the application name Getting Started Web OIDC App.

  4. In Choose Application Type, click OIDC Web App.
  5. Click Save.

    The details panel opens. Applications are granted OAuth scopes so that they can access PingOne platform resources.

  6. To configure the application URL, click the Configuration tab, then click the Pencil icon.
  7. In the Redirect URIs field, enter your application's redirect URL (for example,
  8. Click Save.
  9. To grant access to your application, click the Access tab and click the Pencil icon.
  10. Click + to select the groups.
  11. Click Save.
  12. Click the Resources tab, and click the Pencil icon.
  13. Enter profile in the Search Scopes field

    This filters the list of resource types so that only the Open ID profile scope remains visible in the scopes selection list.

  14. On the Profile Scope, click the + icon or drag it out to the Allowed Scopes.
  15. Click Save.
  16. To map your PingOne user-defined attributes to your corresponding application attributes, click the Attribute Mappings tab, and click the Pencil icon.
  17. Click + Add and fill in the Attributes and corresponding PingOne Mappings fields.
  18. Click Save.
  19. At the top right of the web application's profile, click the toggle to enable it.

    For more information and additional configuration options, see Adding an application.

Configuring a sign-on policy

Creating a web application API alternative

Application developers can use the API operations to create a web application. Use the access token generated through the worker app.

Configuring a sign-on policy