Your administrative users can access the admin portal using single sign-on (SSO) rather than logging in separately with username and password.
- PingOne for Enterprise dock: For admins or members of the specified LDAP groups for your user repository
- Any supported browser: For members of the specified LDAP groups for your user repository
If you're using PingOne for Enterprise Directory as your identity provider (IdP), all PingOne for Enterprise Directory admins have access to the admin portal from the dock.
If you're using PingFederate as your IdP , you can choose to configure SSO to the PingOne for Enterprise admin portal from PingFederate. For more information, see SSO to the PingOne for Enterprise admin portal from PingFederate Bridge.
If you've enabled an authentication policy and selected PingID as the authentication provider, you can use multi-factor authentication for SSO to the PingOne for Enterprise admin portal. For more information, see SSO to the PingOne for Enterprise admin portal with multi-factor authentication.
For more information about administrative roles and permissions, see Administrative roles.
- In the PingOne for Enterprise admin portal, go to .
For each administrative role, click Add Group and enter
the name of a user group to add to that administrative role.
If you're using LDAP groups, this needs to be the full distinguished name (FDN) for the administrator group ("CN=admins,OU=example,...").
Active Directory administrators can use the dsquery command on the Active Directory host to find the DN.Note: You can assign groups to a read-only administrative role, which grants the administrator access to the areas of the admin portal normally allowed by that role, but not the ability to change settings.Users who are members of the group will be able to SSO to the admin portal from any supported browser, as well as from the PingOne dock.
- Click Save.