Federated SSO uses an identity bridge to establish secure user authentication. You will choose an identity bridge to establish a connection to your user repository. The identity bridge ensures secure user authentication and (when used) provisioning from the user repository. When your identity bridge connection is set up, you're automatically provided with a PingOne dock URL for your organization. You will then customize your dock to reflect your organization, and add selected applications to PingOne for Enterprise for single sign-on (SSO) by your users. After you add and authorize your groups for access to the applications you've added, you're all set.
How It Works
What PingOne for Enterprise Logs for Every Federated SSO Transaction
Whenever a user signs on (SSO) to PingOne for Enterprise, we log the information in the following table. You can see the logging details displayed on your Reports page.
| Parameter | Description |
|---|---|
| (date) | The date and time of the SSO transaction. |
| TOKEN SUBJECT | The user ID we send to the Service Provider (SP). |
| SUBJECT_FROM_IDP | The user ID returned by the identity bridge. |
| TOKEN | A generated ID used to retrieve SSO attributes from PingOne. Limited to one-time use. |
| ASSERTIONID | The ID for the SAML assertion from the identity bridge. |
| IP | The user's IP address for this SSO transaction. |
| AGENT_ID | The ID assigned to the user's client or agent (generally a browser) used for SSO. |
| AGENT | Information about the client or agent used for SSO. |
| APP_NAME | The name of the application used for SSO. |
| SAAS_DOMAIN | If specified, the host name or domain name for the user application. |
| SAAS_ID | The ID assigned to the user application. |
| SP_ACCOUNT_ID | The PingOne account ID for the SP. |
| SP_ACCOUNT_NAME | The name assigned to the SP account in PingOne. |
| IDP_ID | The identity bridge ID used by the SP to identify the identity bridge. |
| IDP_ACCOUNT_ID | The unique account ID for the identity bridge in PingOne. |
| IDP_ACCOUNT_NAME | The name of the identity bridge in PingOne. |
| ACCOUNT_REGION | The region of the identity bridge. |
| FIRST_NAME_FROM_IDP | The user's first name as assigned by the IdP. |
| LAST_NAME_FROM_IDP | The user's last name as assigned by the IdP. |
| EMAIL_FROM_IDP | The user's email address as assigned by the IdP. |
| STATUS | The status of the SSO transaction. |
| ERROR_CODE | Contains the error information if an error occurs. |