SSO Configuration - Ping Identity
This guide will walk you through integrating Single Sign-On (SSO) with Ping Identity to allow your users to access InfoSum using their Ping credentials. With this setup, user authentication will be securely managed by Ping Identity, simplifying your access management process.
To complete the integration, you will:
- Register your application in Ping Identity.
- Configure authentication settings.
- Retrieve key credentials (Client ID, Client Secret, and OIDC Discovery URI).
At the end of this guide, you’ll also find troubleshooting tips to address common integration challenges.
Note: Make sure you have administrative access to your Ping Identity environment. If you are unfamiliar with app registration in Ping Identity, refer to their official documentation for guidance.
Step-by-Step Guide
Step 1: Register a New Application in Ping Identity
- Log in to the PingOne Admin Console:
  - Sign in to PingOne with administrative credentials.
- Register a new app:
  - In the console, navigate to Connections > Applications.
  - Select Add Application and then OIDC Web App.
- Enter app registration details:
  - Name: Provide a name, such as “SSO for InfoSum”.
  - Redirect URI: Choose Web and enter the Redirect URI provided by InfoSum (e.g., https://accounts.infosum.com/authorization-code/callback/{customername-IDPType}).
    - Example: https://accounts.infosum.com/authorization-code/callback/infosum-ping
  - Grant Types: Enable Authorization Code and Refresh Token.
  - Authentication Method: Choose Client Secret Post (or None if preferred).
  - Click Save to complete the registration.
Step 2: Configure Authentication Settings
- Open your registered app in Ping Identity:
  - Go to the app details and select Authentication from the left-hand menu.
- Verify Redirect URI:
  - Ensure the Redirect URI exactly matches the one we provided, paying attention to case sensitivity and any trailing slashes.
- Enable ID Tokens:
  - Enable ID tokens in the settings to allow authentication using the OpenID Connect (OIDC) protocol.
Step 3: Create a Client Secret
- Navigate to "Certificates & Secrets":
  - In the application settings, find Certificates & Secrets.
- Create a Client Secret:
  - Click New Client Secret, provide a description (e.g., “SSO Integration”), and set an expiration period based on your security requirements.
  - Click Add, and immediately copy the generated client secret. Save it securely, as it won’t be displayed again.
Note: Make sure to copy the “client secret value,” not the “client secret ID.”
Step 4: Retrieve the Required Credentials
- Client ID:
  - Go to the Overview page of your registered app and copy the Application (Client) ID.
- Client Secret:
  - Use the client secret value you generated in Step 3.
- OIDC Discovery URI:
  - Construct the URI based on your Ping environment:
    - https://auth.pingone.com/{environment_id}/.well-known/openid-configuration
    - Replace {environment_id} with your specific environment ID found in Ping Identity’s admin settings.
Provide Information to InfoSum
After completing the above steps, share the following information with InfoSum:
- Client ID: The public identifier for your app.
- Client Secret: A confidential value used to authenticate your app.
- OIDC Discovery URI: https://auth.pingone.com/{environment_id}/.well-known/openid-configuration
Once InfoSum has finished setting up your SSO, you can test your login by following the direct login URL provided by InfoSum:
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-ping
Alternatively, you can use the 'Sign in with Private SSO' option at the bottom of the InfoSum login screen. This will direct you to your Ping Identity login portal after entering your email address.
Common Issues and Troubleshooting
- Invalid Client ID or Secret Error
  - Ensure the client ID and client secret are copied correctly and that the client secret hasn’t expired.
- Redirect URI Mismatch Error
  - Confirm that the Redirect URI we provided exactly matches what is configured in the Authentication section of your app. Pay attention to case sensitivity and trailing slashes.
- Access Denied Error
  - Verify that the user attempting to log in has the required permissions in Ping Identity. Ensure they are assigned to the application within your PingOne setup.
- Expired or Invalid Tokens
  - Ensure that the client secret is still valid and has not expired. Verify that clocks are synchronized between systems to avoid token validation issues.
- OIDC Discovery URI Not Found
  - Confirm that the environment ID is correct and that the app registration exists within the correct Ping Identity environment.
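The Redirect URI and OIDC Discovery URI checks above can be run as a pre-flight script before sharing values with InfoSum. This is an added example, not code from InfoSum or Ping Identity. The function names, the environment ID and the sample discovery document are constructed for illustration, and the document is assumed to have been fetched from the Discovery URI beforehand.

```python
import json

SUFFIX = "/.well-known/openid-configuration"
# (metadata field, value Step 1 relies on, OIDC default when the field is omitted)
NEEDED = [
    ("grant_types_supported", "authorization_code", ["authorization_code", "implicit"]),
    ("grant_types_supported", "refresh_token", ["authorization_code", "implicit"]),
    ("token_endpoint_auth_methods_supported", "client_secret_post", ["client_secret_basic"]),
]
# Constructed sample values, not taken from a real tenant.
PROVIDED = "https://accounts.infosum.com/authorization-code/callback/infosum-ping"
DISCOVERY_URI = "https://auth.pingone.com/11111111-2222-3333-4444-555555555555" + SUFFIX
SAMPLE_DOC = json.loads("""{
  "issuer": "https://auth.pingone.com/11111111-2222-3333-4444-555555555555",
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")


def redirect_uri_problems(provided, configured):
    """Name the difference that breaks the exact-match comparison."""
    if provided == configured:
        return []
    problems = []
    a, b = provided.strip(), configured.strip()
    if a != provided or b != configured:
        problems.append("leading or trailing whitespace")
    if a.endswith("/") != b.endswith("/"):
        problems.append("trailing slash differs")
    a, b = a.rstrip("/"), b.rstrip("/")
    if a != b:
        problems.append("letter case differs" if a.lower() == b.lower() else "different URI")
    return problems or ["different URI"]


def discovery_problems(discovery_uri, doc):
    """Check a fetched discovery document against the Step 1 settings."""
    if "{" in discovery_uri or not discovery_uri.endswith(SUFFIX):
        return ["discovery URI is malformed or still contains a placeholder"]
    problems = []
    # OIDC Discovery: the issuer must equal the URI the document came from, minus the suffix.
    if doc.get("issuer") != discovery_uri[: -len(SUFFIX)]:
        problems.append("issuer does not match discovery URI")
    for field, value, default in NEEDED:
        if value not in doc.get(field, default):
            problems.append(f"{field} lacks {value}")
    return problems


if __name__ == "__main__":
    print(redirect_uri_problems(PROVIDED, PROVIDED + "/"))
    print(discovery_problems(DISCOVERY_URI, SAMPLE_DOC))
```

An empty list from both functions means the values are consistent with the settings chosen in Step 1.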
Conclusion
By following this guide, you will successfully configure SSO with Ping Identity. Once the integration is complete, users will be able to securely log in to InfoSum using their Ping Identity credentials.
If you encounter any issues during setup, please reach out to our support team for assistance at Support@infosum.com