--- title: Configuring PingOne for Enterprise SSO with PingFederate Bridge as the identity repository description: To enable PingOne for Enterprise single sign-on (SSO) using PingFederate Bridge as a new identity repository, use the PingFederate administrative console and the PingOne for Enterprise admin portal. To integrate PingOne for Enterprise SSO with an existing PingFederate configuration, see Connecting to PingOne for Enterprise after initial setup. component: solution-guides page_id: solution-guides:single_sign-on_use_cases:htg_config_p14e_pfb_identity_repository canonical_url: https://docs.pingidentity.com/solution-guides/single_sign-on_use_cases/htg_config_p14e_pfb_identity_repository.html revdate: May 1, 2024 page_aliases: ["single_sign-on_use_cases:htg_config_p14e_pfb_identity_repository_p14e_portal.adoc", "single_sign-on_use_cases:htg_config_p14e_pfb_identity_repository_p14e_bridge.adoc", "single_sign-on_use_cases:htg_config_p14e_pfb_identity_repository_sso_bridge.adoc"] section_ids: components: Components before-you-begin: Before you begin connecting-pingfederate-bridge-to-pingone-for-enterprise-through-the-pingone-for-enterprise-admin-portal: Connecting PingFederate Bridge to PingOne for Enterprise through the PingOne for Enterprise admin portal about-this-task: About this task steps: Steps result: Result: connecting-pingfederate-bridge-to-pingone-for-enterprise-through-pingfederate-bridge: Connecting PingFederate Bridge to PingOne for Enterprise through PingFederate Bridge about-this-task-2: About this task steps-2: Steps result-2: Result: result-3: Result: configuring-p1-sso-pf-bridge: Configuring PingOne for Enterprise SSO with PingFederate Bridge about-this-task-3: About this task steps-3: Steps result-4: Result --- # Configuring PingOne for Enterprise SSO with PingFederate Bridge as the identity repository To enable PingOne for Enterprise single sign-on (SSO) using PingFederate Bridge as a new identity repository, use the PingFederate administrative console and the PingOne for Enterprise admin portal. To integrate PingOne for Enterprise SSO with an existing PingFederate configuration, see [Connecting to PingOne for Enterprise after initial setup](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_connecttop1_connecttop1state.html). ## Components * PingOne for Enterprise * PingFederate Bridge (available through PingOne for Enterprise) ## Before you begin You must have: * A PingOne for Enterprise admin portal account * An instance of PingFederate Bridge ## Connecting PingFederate Bridge to PingOne for Enterprise through the PingOne for Enterprise admin portal Connect PingOne for Enterprise SSO to PingFederate Bridge through the PingOne for Enterprise admin portal. ### About this task You can also connect PingOne for Enterprise SSO to PingFederate Bridge through PingFederate Bridge. To connect to PingOne for Enterprise SSO through the PingOne for Enterprise admin portal: ### Steps 1. In the PingOne for Enterprise admin portal, click **Setup**. 2. On the **Identity Repository** tab, click **Connect to an Identity Repository**. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you have previously configured an identity repository, **Change Identity Repository** appears. Contact support about changing your identity repository or making changes to your existing PingFederate identity repository configuration because making changes affects your PingOne for Enterprise configuration. | 3. From the **Connect to an Identity Repository** menu, select **PingFederate**. Click **Next**. 4. Select **No**, and click **Next**. | | | | - | -------------------------------------------------------------------------------------- | | | To integrate with an existing PingFederate implementation, see PingOne for Enterprise. | 5. To choose your server platform, follow the on-screen instructions. 6. To download PingFederate Bridge, follow the on-screen instructions. 7. To install and configure PingFederate Bridge, follow the on-screen instructions. 8. In the PingFederate administrative console, review the license agreement. Click **Accept**. 9. In the PingOne for Enterprise admin portal, from the **Complete Quick Start** section, copy the activation key. ![Screen capture of the Complete Quick Start section. The Activation Key field is highlighted with a red box. Below the activation key field reads: To connect to your account, copy this unique activation key into when prompted. This is a single-use activation key. A new key will be generated for each session.](../_images/ebu1602608416395.png) 10. In the PingFederate administrative console, click **Yes, Connect to PingOne for Enterprise**. 11. In the **Activation Key** field, paste the activation key you copied from the PingOne for Enterprise admin portal. ![Screen capture of the Yes, Connect to section. The Activation Key field is highlighted with a red box. Text reads To connect this node to your account, enter your activation key. A link below reads Sign on to PingOne to get your activation key.](_images/sxf1604599204570.png) 12. Click **Next**. #### Result: The PingFederate administrative console displays the **Identities** section. 13. Proceed to [Configuring PingOne for Enterprise SSO with PingFederate Bridge](#configuring-p1-sso-pf-bridge). ## Connecting PingFederate Bridge to PingOne for Enterprise through PingFederate Bridge Connect PingOne for Enterprise SSO to PingFederate Bridge through PingFederate Bridge. ### About this task You can also connect PingOne for Enterprise SSO to PingFederate Bridge through the PingOne for Enterprise admin portal. To connect to PingOne for Enterprise SSO through PingFederate Bridge: ### Steps 1. Install PingFederate from the [Ping Identity Downloads Page](https://www.pingidentity.com/en/resources/downloads/pingfederate.html). 2. To start the PingFederate server in Linux, run the following script. ``` /pingfederate/bin/run.sh ``` | | | | - | --------------------------------------------------------------- | | | In Windows, the server starts automatically after installation. | 3. Open the PingFederate administrative console. 1. Open a browser and enter `https://Your Server Domain:9999/pingfederate/app`. | | | | - | ---------------------------------------------------------------- | | | *Your Server Domain* is your fully qualified domain name (FQDN). | 2. To proceed, review the license agreement. Click **Accept**. 4. Click **Yes, Connect to PingOne for Enterprise**. 5. Click **Sign on to PingOne to get your activation key** and enter your credentials to sign on. ![A screen capture of the Yes, Connect to section. The link reading Sign on to PingOne to get your activation key is highlighted with a red box. Above the link the text reads To connect this node to your account, enter your activation key.](_images/dbj1604600235163.png) #### Result: The admin portal displays the activation key. 6. Copy the activation key from the PingOne for Enterprise admin portal to your clipboard. ![A screen capture of the PingOne admin portal Activation Key field. The field is highlighted with a red box and contains sample key text.](_images/usu1604601270700.png) 7. In the PingFederate administrative console, in the **Activation Key** field, paste the key value. ![Screen capture of the Yes, Connect to section. The Activation Key field is highlighted with a red box. Text reads To connect this node to your account, enter your activation key. A link below reads Sign on to PingOne to get your activation key.](_images/sxf1604599204570.png) 8. Click **Next**. #### Result: The PingFederate administrative console displays the **Identities** section. 9. Proceed to [Configuring PingOne for Enterprise SSO with PingFederate Bridge](#configuring-p1-sso-pf-bridge). ## Configuring PingOne for Enterprise SSO with PingFederate Bridge ### About this task To configure PingOne for Enterprise SSO with PingFederate Bridge as the identity repository: ### Steps 1. From the PingFederate Bridge administrative console **Identities** section, select **Yes, Connect a Directory Server**. 2. Enter information in the fields that is appropriate for your directory server. | Field | Description | | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Directory Type** | Select the type of directory server from the list. | | **Data Store Name** | Enter the name of the datastore. | | **Hostname** | Enter the fully qualified domain name (FQDN) for your directory server. | | **Service Account DN** | Enter the distinguished name (DN) of the service account that PingFederate Bridge can use to communicate with the directory server. | | **Password** | Enter the password associated with the service account. | | **Search Base** | Enter the DN of the location in the directory where PingFederate Bridge begins its datastore queries. | | **Search Filter** | Specify how the username provided by a user at sign-on is mapped to an attribute in your directory.The default value is either `sAMAccountName=${username}` or `uid=${username}`, depending on the selected directory type.If you require a more advanced search filter, enter the value in the following format: `=${username}`. For more information, consult your directory administrators. | 3. Click **Next**. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If your directory server is SSL-enabled and presents an untrusted certificate, PingFederate Bridge prompts you to upload the server's certificate. Click **Choose Certificate**, select the appropriate certificate, and click **Next**. | 4. In the **Use Cases** section, select the **PingOne SSO** checkbox, leaving the **Additional SSO Features** checkbox unselected. Click **Next**. 5. In the **Basic Information** section, in the **Base URL** field, enter `https://Your Server Domain:9031`. | | | | - | ---------------------------------- | | | *Your Server Domain* is your FQDN. | 6. Click **Next**. 7. In the **Confirmation** section, review your configuration. To apply the configuration to PingFederate Bridge, click **Next**. 8. Click **Done**. ### Result PingOne for Enterprise SSO, using PingFederate Bridge as the identity repository, is enabled for your PingOne for Enterprise applications.