WorkOS Docs Homepage

PingOne SAML

Learn how to configure a connection to PingOne via SAML.

Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a PingOne SAML Connection, you’ll need three pieces of information: an ACS URL and Entity ID from WorkOS, and the Metadata URL from PingOne.

WorkOS provides the ACS URL and SP Entity ID. They’re readily available in your Connection settings in the WorkOS Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to. In PingOne’s case, the ACS URL and Entity ID need to be set by the Enterprise when configuring your application in their PingOne instance.

Specifically, the ACS URL and Entity ID will need to be set in the “Application Configuration” step of the PingOne “Edit Application” wizard:

Next, provide the PingOne IdP Metadata URL.

Normally, this information will come from your Enterprise customer’s IT Management team when they set up your application’s SAML 2.0 configuration in their PingOne admin dashboard. However, should that not be the case during your setup, here’s how to obtain them:

Log in to PingOne, go to the admin dashboard, select “Applications” on the top nav bar, then select the “My Applications” tab. Then, select your application.

In the “SSO Attribute Mapping” section of the PingOne “Edit Application” wizard, add the following field-value parameter pairs:

  • email → Email (Work)
  • firstName → First Name
  • id → Id
  • lastName → Last Name

On the application’s page, copy the SAML Metadata URL. You’ll need this in the next step.

Finally, upload the SAML Metadata URL you saved earlier in your WorkOS Connection settings. Your Connection will then be linked and good to go!