WorkOS Docs Homepage
Integrations
DashboardSign In

PingOne SAML

Learn how to configure a connection to PingOne via SAML.

Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a PingOne SAML Connection, you’ll need two pieces of information: an SP Metadata URL from WorkOS, and an IdP Metadata URL from PingOne.

WorkOS provides the SP Metadata URL. It is readily available in your Connection settings in the WorkOS Dashboard.

A screenshot showing where to find the SP Metadata URL in the WorkOS Dashboard.

The SP Metadata link contains a metadata file the organization can use to set up the SAML integration. In PingOne’s case, the SP Metadata URL needs to be set by the organization when configuring your application in their PingOne instance.

Specifically, the SP Metadata URL will need to be set on the SAML Configuration page:

A screenshot showing where the SP Metadata URL needs to be set in the PingOne settings.

Next, provide the PingOne IdP Metadata URL.

Normally, this information will come from the organization’s IT Management team when they set up your application’s SAML 2.0 configuration in their PingOne admin dashboard. However, should that not be the case during your setup, here’s how to obtain them:

In the PingOne Admin Console, select “Applications” (under “Connections”) in the side menu. Then, select your application.

A screenshot showing where to select a SAML app in PingOne.

In the “Attribute Mapping” section of the PingOne SAML app, add the following field-value parameter pairs:

  • emailEmail Address
  • firstNameGiven Name
  • idUser ID
  • lastNameFamily Name
A screenshot showing where to configure SAML attributes in PingOne.

Users can automatically be assigned roles within your application by sending their group memberships. To enable this, set up a group attribute statement following the guidance below.

This feature is currently in beta, contact customer support for more information.

Select the + Add button once. To return the names of all groups a user is a member of, add “groups” in the “Attributes” column mapped to the “Group Names” PingOne attribute. Click “Save”.

Users can automatically be assigned to roles within your application by sending their group memberships. To enable this, set up a group attribute statement following the guidance below.

This feature is currently in beta, contact customer support for more information.

Add a new groups attribute mapped to the “Group Names” PingOne attribute.

In the “Configuration” tab, copy the “IdP Metadata URL”. You’ll need this in the next step. Enable the SAML app to allow users to authenticate.

A screenshot showing where to copy the IdP Metadata URL from in PingOne.

Finally, upload the IdP Metadata URL you saved earlier in your WorkOS Connection settings. Your Connection will then be linked and good to go!

A screenshot showing where to upload the IdP Metadata URL in the WorkOS Dashboard.