Sign in

Connect PingOne

Learn how to configure a connection to PingOne via SAML


Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a PingOne SAML Connection, you'll need four pieces of information: an ACS URL, an Identity Provider Issuer (also known as an Entity ID), an Identity Provider SSO URL, and an X.509 Certificate.

WorkOS ProvidesLink

WorkOS provides the ACS URL and Identity Provider Issuer (Entity ID). They're readily available in your Connection's Settings in the Developer Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to. In PingOne's case, the ACS URL and Entity ID need to be set by the Enterprise when configuring your application in their PingOne instance.

Specifically, the ACS URL and Entity ID will need to be set in the "Application Configuration" step of the PingOne "Edit Application" wizard:


And then you provide the PingOne SSO URL and X.509 certificate.

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their PingOne admin dashboard. However, that should not be the case during your setup. Here's how to obtain them:

Log In and Select Your ApplicationLink

Log in to the PingOne admin dashboard, select "Applications" at the top, select the "My Applications" tab and then select your Application.

Obtain Identity Provider DetailsLink

Copy and Paste the "Initiate Single Sign-On (SSO) URL" into the IdP SSO URL field in your WorkOS Developer Dashboard. Then select "Download" next to "Signing Certificate" to obtain the X.509 Certificate, and save it to your preferred directory.

Configure Attribute MappingLink

In the "SSO Attribute Mapping" section of the PingOne "Edit Application" wizard, add the following field-value parameter pairs:

  • id -> SAML_SUBJECT
  • firstName -> First Name
  • lastName -> Last Name
  • email -> Email

Upload CertificateLink

Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be linked and good to go!