Configuring PING Identity for Single Sign-On

PING identity is a service that allows you to log into multiple applications at the same time. This article provides guidance on configuring Ping Identity to work with your Single Sign-On connector.

Create an Application

1. Select the + icon next to Applications.

A side pane displays.

2. Enter an Application name.

3. Select Show Details next to Application Type.
4. Select OIDC Web App.
5. Select Save.

The Smart Flows page displays.

Configure Smart Flows Application

1. Move the slider next to the Smart Flows heading to ON.

2. Select the Configuration tab.

To edit the Configuration tab attributes, select the pencil icon on the far right.

3. For Response Type, select Code.

4. For Grant types select both the Authorization Code and Client Credentials.
5. Fill in the correct redirect URL for your application. This is the base-url for your application with /oauth2/redirect as the suffix.
6. For the Token Endpoint Authentication Method, select the Client Secret Post.
7. Select the Resources tab.

To edit the Resources tab attributes, select the pencil icon on the far right.

8. Under Allowed Scopes choose the following

  • email (OpenID Connect)

  • openid (OpenID Connect)

  • profile (OpenID Connect)

9. Select Save.

Assign Roles to Users by Group

To use roles in PING Identity we need to add users to a group.

In the dashboard there is an option to add roles, but this is specifically to perform actions on Ping Identity only and does not reflect to how the user is authenticated in Smart Flows.
1. Go to the left-hand side menu, and under Identities options, select the Groups link.
2. To create a new group, select on the + icon next to Groups.

A Create New Group wizard displays.

3. Enter a Group Name.

Adding a Group Description and selecting a Population are optional.

4. Select Save.

You can now add users to the group.

5. Select the name of the group you just created and want to add users to.

6. From admin page,select Users.

Add Users Individually

You can add the users individually by manually selecting each person.

1. Select the Add Individually button.

2. Individually select each person to be added as a user.

Add Users with a Filter

You can also add users by applying a filter.

1. Select Add with a Filter.

2. In the Create Dynamic Group create the filter attributes to extract your users.

3. Select all the users to add to the given group.
4. In PING go to Applications Applications and select Attribute Mappings.

5. Select the pencil icon to edit the attributes.
6. Select on the + Add button to add a new attribute.
7. Enter a name for the attribute.

For example, group, and map that to the group names under the PingOne Mappings.

8. Go back to Smart Flows and configure the Single Sign-On Connector, see Configuring Microsoft Entra ID for Single Sign-On for more details.