You must have the following:

  • PingFederate installed and operating with administrator access OS
  • Okta with Workforce Identity Single sign-on, One-App, or Enterprise editions

This task also assumes that you have the following information from the SP:

  • Assertion consumer service (ACS) URL
  • Signing certificate (if required)

With Okta as the IdP, only a one-to-one IdP to SP entityID relationship is supported. If the SP has more than one application, a new IdP connection with a unique entityID from Okta is required. This behavior can be overridden by Okta.

  1. Sign on to Okta as an administrator.
  2. Go to Application > Add Application.
  3. On the Add Application page, click Add Application.
  4. On the Create a New Application Integration page, in the Platform list, select Web.
  5. Click SAML 2.0, and then click Create.
  6. On the General Settings tab, in the Create SAML Integration section, enter a name for the application in the App name field. Click Next.
    You can also add a logo and set the app visibility.
  7. On the Configure SAML tab, in the Single Sign on URL field, enter the PingFederate ACS URL.
  8. In the Audience URI field, enter the PingFederate SAML entity ID or connection virtual server ID (VSID).
  9. Optional: In the Attribute Statements (Optional) and Group Attribute Statements (Optional) sections, add attributes from the Okta user store to fulfill the attribute contract with the SP.
  10. Click Next.
  11. Optional: Complete the sections on the Feedback tab.
    The sections on this tab help the Ping Identity support team.
  12. Click Finish.
  13. To obtain the file needed to configure the PingFederate SP, in the Summary window, click the Identity Provider metadata link.
  14. Optional: If you're creating your own portal, click the General tab, and then copy the App Embed Link.

Okta configuration as the IdP is complete.