PingOne: How to configure SP-initiated SSO

Published: 06/27/2016
When setting up a connection to a Service Provider(SP) that supports SP-initiated SSO only, the Service Provider requires a sign-in URL endpoint to redirect to for authentication requests.   This value for PingOne is:

https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<idpid>

The idpid can be located on step one of configuring your PingOne application. It is the last parameter in the Initiate Single Sign-on URL.  

Once you complete the configuration steps to enable connection to an SP, you are provided with an Initiate Single sign-on URL in the format of: 

https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=<saasid>&idpid=<idpid>. By default this will also be the URL that's assigned to the application's icon in the PingOne dock.

If the Service Provider only supports SP-Initiated SSO, this URL will not allow Single Sign-on. Users will also not be able to SSO to the application from the PingOne dock. Instead you will need to obtain your single sign-on URL from the Service Provider. You can provide this URL to your users to bookmark, or you can customize the PingOne dock Icon URL so it uses the SP-Initiated SSO URL by following these steps:
  1. Login to admin.pingone.com.
  2. Click Applications, then My Applications.
  3. Select the application, and click the Edit button.
  4. Click Continue to Next Step.
  5. Under PingOne dock URL, select Use Custom URL, and enter the SP-Initiate SSO URL you recieve from your service provider.
  6. Continue through the configuration screens until you get to the final screen with the Finish button.

 
Category:
SaaS SSO , General , 
KB or other URL: