Set Up Ping Identity Single Sign On (SSO)

This articles provides steps for configuring Ping Identity SSO in Cloud Control Center.

Quick Links
Step 1 - Add Cloud Control Center as an Application in Ping

Step 2 - Configure Supported User Roles in Ping

Step 3 - Configure Ping Identity SSO in Cloud Control Center

Step 1 - Add Cloud Control Center as an Application in Ping

 

First, login to your Ping Identity console. Go to Connections -> Applications and click the add application icon. ( + ) Give your application a name such as "Elisity CCC" and optionally add a description. Select OIDC Web App as your Application Type and click save

 

 

After saving, go back to the Applications Panel and Click on your newly added Elisity CCC application, and select the configuration panel. We need to copy and save three credentials that we will use later. Locate and copy the following into your notepad:

URL: Issuer and General: Client ID and Client Secret

 

 

Next, scroll back up to the top of the configuration panel and click the edit icon.

 

 

Make sure that your application configuration matches below.

Response Type

  • Code: Selected - Token: Selected - ID Token: Selected 

Grant Type 

  • Authorization Token: Selected - Implicit: Selected - Refresh Token: Selected 

Redirect URIs

  • https://tenantname.elisity.io/api/v1/iam/login/oauth2/code/CR_ClientID
  • !!! REPLACE tenantname.elisity.io with your Cloud Control Center URL or IP
  • !!! REPLACE ClientID with the Client ID of the app that we copied in an earlier step

Token Endpoint Authentication Method 

  • Select: Client Secret Basic

Initiate Login URI

(Only required if you wish to initiate login from the PingIdentity Application Portal) 

  • https://teneantname.elisity.io/api/v1/iam/usermanagement/extidp/login
  • !!! REPLACE tenantname.elisity.io with your Cloud Control Center URL or IP.

 

 

Step 2 - Configure Supported User Roles in Ping

 

Next we will navigate to Identities -> Attributes on the left side menu.

 

Select DECLARED attribute type and click Next.

 

Fill out the following fields, and click Save and Close. Make sure the attribute name matches elisity-role as this is the attribute matched in Cloud Control Center. 

 

To define user roles that are matched in Cloud Control Center, navigate to Identities -> Users and select your user.

 

Edit the user's profile page, scroll down to the Elisity Role attribute, and enter the desired role for the selected user. We support two roles for customers - TenantAdmin and TenantUser. These attributes are matched by Cloud Control Center to grant login privileges.

 

TenantAdmin – This is role has full read/write access

TenantUser – This is a read only role that is only able to view data

Note: Be sure the attribute name matches the case above

 

Step 3 - Configure Ping Identity SSO in Cloud Control Center

 

Login to Cloud Control Center as an Administrator, and navigate to Administration -> Settings -> Security -> SSO Configuration. Select Ping, and enter the Client ID, Client Secret, and the Issuer ID that we saved in previous steps.

 

You should now be able to login to Cloud Control Center using SSO with Ping for users who have the appropriate attributes applied. Simply click "Login with SSO" and input user your credentials from Ping.