Change the identity provider (IdP) discovery settings for existing invited customer connections.
Only certain settings are available for editing on invited connections. Managed connections have more settings that you can edit.
For information about editing an existing managed customer connection, see Edit a managed customer connection.
- To display the list of customer connections for your applications, click the Customer Connections tab.
To display the customer connection filtering options, click Narrow
- To filter the list of customer connections, select or clear the Enabled or Type boxes.
- For the connection you want to edit, click the down arrow to display the drop-down list, and click Edit.
- To edit the contact email for this connection, enter a new email address in the Contact Email field.
Enter the Email Domain to use for IdP discovery.
PingOne uses the email domain you specify to discover the IdP and assign it to the customer account.
Enable the Set as default IdP box to redirect users who
enter an email address that cannot be matched to an IdP during service provider
(SP)-initiated single sign-on (SSO).
The Set as default IdP setting is not displayed if you have already enabled this setting for the customer account.
You can enable IdP discovery to associate each connection with an IdP. When you initiate an SSO request (SP-initiated SSO), there is no need to specify the identifier for the IdP. Instead, PingOne resolves the correct IdP by associating email domains with specific managed accounts and their IdP. Then, during a user's initial SSO, the user enters a matching email domain. PingOne prompts the user for their email domain only during their initial SSO.
When a user initially attempts to SSO to the application, the user is prompted for their email address. If the domain of the email address matches one of the IdP discovery domains you assigned, PingOne redirects the user to the corresponding IdP for authentication. If the domains do not match and you have not enabled Set as default IdP, an error is displayed and the user is prompted again for their email address. When Set as default IdP is enabled, the user is redirected to the default IdP to authenticate.
- When you are finished making changes, click Save changes.