To configure Ping as the identity provider, you need to do the following:
- Creating a Ping Application That Will Serve as Identity Provider: We register an application in Ping Identity to use the service as an external identity provider.
- Registering Our Ping Application in the IGEL Customer Portal: This will enable IGEL Cloud Services to use our Ping Application as the external identity provider.
- Configuring roles: We make the user role information accessible for the (12.04.120) Default Directory Rules feature of the UMS.
Creating a Ping Application That Will Serve as Identity Provider
- Log in to Ping with your admin account, and on the Connections > Applications page add a new application.
- Edit the settings as follows and then click Next.
  - Under Application Name, enter a name for your application, e.g. "OBS".
  - Set Application Type to OIDC Web Application.
- Edit the settings under Edit Configuration as follows and then click Save.
  - Under Response Type, make sure Code is selected.
  - Make sure that as the Grant Type, the option Authorization Code is selected and that the Proof Key for Code Exchange (PKCE) Enforcement is set to S256_REQUIRED.
  - Under Redirect URIs, add "https://obs.services.igel.com/".
  - Under Token Endpoint Authentication Method make sure Client Secret Post is selected.
- By default, access is granted for all users. To configure access, open the Edit Access page from the Access button and use group access by choosing an existing Group configured under Identities > Groups.
The app integration is created.
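What the settings above mean on the wire, as an added example that is not IGEL's or Ping's code: the client sends an authorization request with Response Type Code and an S256 PKCE challenge, then redeems the code with the secret in the POST body (Client Secret Post). The endpoint URL and client ID are placeholders, and `idp_accepts` is a simplified, hypothetical model of the provider-side check, not Ping's implementation.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

REDIRECT_URI = "https://obs.services.igel.com/"  # value given on this page
# Placeholders (assumptions): use the values shown in your Ping application.
AUTHZ_ENDPOINT = "https://idp.example.invalid/as/authorize"
CLIENT_ID = "example-client-id"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def s256_challenge(verifier: str) -> str:
    """RFC 7636: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorization_url(verifier: str, state: str) -> str:
    """Client side: Response Type 'Code' plus an S256 PKCE challenge."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)

def build_token_request(code: str, verifier: str, client_secret: str) -> dict:
    """Client Secret Post: credentials go in the form body, not a Basic header."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": client_secret, "code_verifier": verifier}

def idp_accepts(authz_url: str, token_form: dict) -> bool:
    """Simplified model of S256_REQUIRED plus exact redirect URI matching."""
    q = {k: v[0] for k, v in parse_qs(urlparse(authz_url).query).items()}
    if q.get("response_type") != "code" or q.get("redirect_uri") != REDIRECT_URI:
        return False
    if q.get("code_challenge_method") != "S256" or "code_challenge" not in q:
        return False  # a missing challenge or the 'plain' method is rejected
    expected = s256_challenge(token_form.get("code_verifier", ""))
    return secrets.compare_digest(expected, q["code_challenge"])

if __name__ == "__main__":
    verifier = b64url(secrets.token_bytes(32))  # 43-character random verifier
    url = build_authorization_url(verifier, state=b64url(secrets.token_bytes(16)))
    form = build_token_request("constructed-code", verifier, "constructed-secret")
    print(url, idp_accepts(url, form))
```

With PKCE enforced, an authorization code intercepted at the redirect is useless without the matching verifier, which never leaves the client until the token request.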
Registering Our Ping Application in the IGEL Customer Portal
- Open the IGEL Customer Portal in your browser, log in to your admin account, and select Users > IGEL OS IdP.
- Click Register IGEL OS IdP.
- Enter a Display name. This is the name under which your identity provider app will be displayed.
- Change to the tab with your Ping app, go to the Overview tab and copy the Client ID.
- Change to the IGEL Customer Portal (IGEL OS Identity Provider (IdP) Registration) tab and paste the client ID into the field Client ID.
- Change to the tab with your Ping app, go to the Overview tab and copy the Client Secret.
- Change to the IGEL Customer Portal (IGEL OS Identity Provider (IdP) Registration) tab and paste the client secret into the field Client secret.
- To get the Authorization Endpoint URL and Token Endpoint URL, change to the tab with your Ping app and go to the Configuration tab.
- Copy and paste the values into the Authorization Endpoint URL and Token Endpoint URL fields one by one.
- To add a domain, click Add, enter the Domain name, and then click Add in the dialog.
- Click Submit.
The data record is created.
Configuring Roles
For information, see https://docs.pingidentity.com/r/en-us/pingone/p1_c_userattributes .