Federated SSO uses an identity bridge to establish secure user authentication. You will choose an identity bridge to establish a connection to your user repository. The identity bridge ensures secure user authentication and (when used) provisioning from the user repository. When your identity bridge connection is set up, you're automatically provided with a PingOne dock URL for your organization. You will then customize your dock to reflect your organization, and add selected applications to PingOne for Enterprise for single sign-on (SSO) by your users. After you add and authorize your groups for access to the applications you've added, you're all set.

How It Works

What PingOne for Enterprise Logs for Every Federated SSO Transaction

Whenever a user signs on (SSO) to PingOne for Enterprise, we log the information in the following table. You can see the logging details displayed on your Reports page.

Parameter Description
(date) The date and time of the SSO transaction.
TOKEN SUBJECT The user ID we send to the Service Provider (SP).
SUBJECT_FROM_IDP The user ID returned by the identity bridge.
TOKEN A generated ID used to retrieve SSO attributes from PingOne. Limited to one-time use.
ASSERTIONID The ID for the SAML assertion from the identity bridge.
IP The user's IP address for this SSO transaction.
AGENT_ID The ID assigned to the user's client or agent (generally a browser) used for SSO.
AGENT Information about the client or agent used for SSO.
APP_NAME The name of the application used for SSO.
SAAS_DOMAIN If specified, the host name or domain name for the user application.
SAAS_ID The ID assigned to the user application.
SP_ACCOUNT_ID The PingOne account ID for the SP.
SP_ACCOUNT_NAME The name assigned to the SP account in PingOne.
IDP_ID The identity bridge ID used by the SP to identify the identity bridge.
IDP_ACCOUNT_ID The unique account ID for the identity bridge in PingOne.
IDP_ACCOUNT_NAME The name of the identity bridge in PingOne.
ACCOUNT_REGION The region of the identity bridge.
FIRST_NAME_FROM_IDP The user's first name as assigned by the IdP.
LAST_NAME_FROM_IDP The user's last name as assigned by the IdP.
EMAIL_FROM_IDP The user's email address as assigned by the IdP.
STATUS The status of the SSO transaction.
ERROR_CODE Contains the error information if an error occurs.