Configuring SSO to the PingOne for Enterprise admin portal

Configuring SSO to the PingOne for Enterprise admin portal - PingOne for Enterprise

PingOne for Enterprise

bundle

pingoneforenterprise

ft:publication_title

PingOne for Enterprise

Product_Version_ce

PingOne for Enterprise

category

Product

pingone

ContentType_ce

Your administrative users can access the admin portal using single sign-on (SSO) rather than logging in separately with username and password.

You can enable SSO to the PingOne for Enterprise admin portal for administrators using:

PingOne for Enterprise dock: For admins or members of the specified LDAP groups for your user repository
Any supported browser: For members of the specified LDAP groups for your user repository

If you're using PingOne for Enterprise Directory as your identity provider (IdP), all PingOne for Enterprise Directory admins have access to the admin portal from the dock.

If you're using PingFederate as your IdP , you can choose to configure SSO to the PingOne for Enterprise admin portal from PingFederate. For more information, see SSO to the PingOne for Enterprise admin portal from PingFederate Bridge.

If you've enabled an authentication policy and selected PingID as the authentication provider, you can use multi-factor authentication for SSO to the PingOne for Enterprise admin portal. For more information, see SSO to the PingOne for Enterprise admin portal with multi-factor authentication.

For more information about administrative roles and permissions, see Administrative roles.

In the PingOne for Enterprise admin portal, go to Setup > Dock > Admin Portal SSO.
For each administrative role, click Add Group and enter the name of a user group to add to that administrative role.

If you're using LDAP groups, this needs to be the full distinguished name (FDN) for the administrator group ("CN=admins,OU=example,...").

Active Directory administrators can use the dsquery command on the Active Directory host to find the DN.

Note: You can assign groups to a read-only administrative role, which grants the administrator access to the areas of the admin portal normally allowed by that role, but not the ability to change settings.

Users who are members of the group will be able to SSO to the admin portal from any supported browser, as well as from the PingOne dock.
Click Save.

After you've enabled SSO to the PingOne for Enterprise admin portal, you also can choose to apply a secondary level of authentication using PingID. For more information, see SSO to the PingOne for Enterprise admin portal with multi-factor authentication.