The idpId parameter is a unique value that identifies a customer organization to your software as a service (SaaS) application.

The idpId represents a unique identity provider (IdP) configuration for a given customer. The same IdP configuration is applied across all connections that share an idpId within your PingOne SSO for SaaS Apps account.

Once set, the idpId value can't be changed. You can change the configuration that is used by the idpId, which will update all connections using that idpId.


If your IdP partner has separate environments for testing and production, create a different idpId configuration for each.

If your IdP partner has only one environment, but you want separate application connections for test and production, create test and production versions of your application, and use the same idpId configuration for both.

The idpId parameter is used in three application workflows:

Most applications should use the domain name as an idpId value because it's a common way of uniquely identifying a domain of users.

However, if your application doesn't include a domain name, can't guarantee the domain name's uniqueness, or if you already have a scheme for identifying an organization in your application (for example, by company name or UUID), you can assign any value. The idpId is ultimately for your application to consume.

idpId is used during single sign-on (SSO) to identify which IdP connection/configuration to use. If the idpId is not specified, the user will be prompted to perform IdP discovery based on their email domain. For more information on configuring email domains for idpId discovery, see Edit an invited customer connection and Edit a managed customer connection.

For more information about finding an existing idpId value, see Finding the idpId value.


The PingOne for Enterprise test identity provider will automatically be added to your application with a random GUID as the idpId. To find the test provider, go to Customer Connections, click Narrow by, and select Test IdP.