Connect PingOne

Learn how to configure a connection to PingOne via SAML


Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a PingOne SAML Connection, you'll need four pieces of information: an ACS URL, an Identity Provider Issuer (also known as an Entity ID), an Identity Provider SSO URL, and an X.509 Certificate.

WorkOS Provides

WorkOS provides the ACS URL and Identity Provider Issuer (Entity ID). They're readily available in your Connection's Settings in the Developer Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to. In PingOne's case, the ACS URL and Entity ID need to be set by the Enterprise when configuring your application in their PingOne instance.

Specifically, the ACS URL and Entity ID will need to be set in the "Application Configuration" step of the PingOne "Edit Application" wizard:

Configuring PingOne SAML

And then you provide the PingOne SSO URL and X.509 certificate.

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their PingOne admin dashboard. However, that should not be the case during your setup. Here's how to obtain them:

Log In and Select Your Application

Log in to the PingOne admin dashboard, select "Applications" at the top, select the "My Applications" tab and then select your Application.

Obtain Identity Provider Details

Copy and Paste the "Initiate Single Sign-On (SSO) URL" into the IdP SSO URL field in your WorkOS Developer Dashboard. Then select "Download" next to "Signing Certificate" to obtain the X.509 Certificate, and save it to your preferred directory.

Configure Attribute Mapping

In the "SSO Attribute Mapping" section of the PingOne "Edit Application" wizard, add the following field-value parameter pairs:

  • id -> SAML_SUBJECT
  • firstName -> First Name
  • lastName -> Last Name
  • email -> Email

Upload Certificate

Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be linked and good to go!