Integrating PingOne with Authomize provides visibility into your PingOne users, groups, roles, and the applications they can access. After integration, Authomize provides visibility into PingOne and the applications, enabling improved identity security and automated access reviews.
Integration requires the following steps:
- Set up a PingOne application.
- Use the relevant OIDC application credentials to integrate with Authomize.
Set Up a PingOne Application
For more information, see https://docs.pingidentity.com/r/en-us/pingone/p1_add_app_worker
- Log in to Ping Identity as an admin.
- Select an environment in which to create the application, for example, “Administrators.”
- From the selected environment, select Applications, then click +.
- In the Add Application dialog, enter these:
- Application Name
- Description (optional)
- Icon (optional)
- For Application Type, select Worker, then click Save.
The new application is displayed.
- Select the Roles tab, then click Grant Roles.
- From the Available responsibilities list, select the Configuration Read Only role.
- Click the down-arrow and select the box
- Scroll to find the Identity Data Read Only role.
- Select all environments, or at least one.
If you select only one, it’s best to select Administrators.
- Click Save.
- Select the toggle to enable the new environment:
- Select the Configuration tab.
From here, you will copy the information needed to enable the integration:
Integrate PingOne with Authomize
You will use the application's OIDC credentials to enable the integration in Authomize.
Prerequisites
- You can access Authomize as a system administrator.
- You have the PingOne Token endpoint, Client ID, and Client secret created in the previous procedure.
- Log in to Authomize.
- From the main menu, choose Integrations.
- Click Add New App and choose Ping Identity.
The Integrate Ping Identity dialog is displayed.
- In the Integrate Ping Identity dialog, follow these steps:
- Skip step 1.
- For step 2, copy data from the PingOne Configuration tab of the newly created environment and paste it in the appropriate fields:
- Client ID (from Ping Identity A)
- Client Secret (from Ping Identity B)
- Ping Token Endpoint (from Ping Identity C)
You may need to expand the URLs to reveal the endpoint URL.
- (Optional) You can enter a unique name for this integration. By default, the integration will be named Ping Identity.
- (Optional) Select a current Authomize user as the app owner.
- Click Create.
The Ping Identity tile is displayed as a connected app. The synchronization process begins, and its status will be shown when it is completed.
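The three values entered in step 2 can be checked independently of Authomize with a standard OAuth 2.0 client credentials request. The following is an added example, not Authomize or Ping Identity code. It assumes the worker application authenticates to the token endpoint with HTTP Basic (client_secret_basic) and that the token endpoint path ends in /as/token; the environment variable names are hypothetical.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def build_token_request(token_endpoint, client_id, client_secret):
    """Build (but do not send) an OAuth 2.0 client_credentials token request."""
    url = urllib.parse.urlsplit(token_endpoint.strip())
    # The client secret travels in this request, so refuse anything but HTTPS.
    if url.scheme != "https" or not url.hostname:
        raise ValueError("token endpoint must be an absolute https:// URL")
    # Assumption: PingOne token endpoints end in /as/token. Pasting the
    # authorization or issuer URL instead is an easy copy error to make.
    if not url.path.rstrip("/").endswith("/as/token"):
        raise ValueError("URL does not look like a token endpoint")
    if not client_id.strip() or not client_secret.strip():
        raise ValueError("client ID and client secret are both required")
    # Assumption: the worker app uses client_secret_basic authentication.
    pair = f"{client_id.strip()}:{client_secret.strip()}".encode()
    basic = base64.b64encode(pair).decode()
    return urllib.request.Request(
        url.geturl(),
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def check_credentials(token_endpoint, client_id, client_secret, timeout=10):
    """Send the request and return the token lifetime; the token is never shown."""
    req = build_token_request(token_endpoint, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = json.load(resp)
    if "access_token" not in body:
        raise RuntimeError("token endpoint answered without an access_token")
    return int(body.get("expires_in", 0))


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the
    # secret out of shell history and process listings.
    ttl = check_credentials(os.environ["PING_TOKEN_ENDPOINT"],
                            os.environ["PING_CLIENT_ID"],
                            os.environ["PING_CLIENT_SECRET"])
    print(f"credentials accepted; token lifetime {ttl}s")
```

An HTTP 401 from the token endpoint surfaces as `urllib.error.HTTPError` and points to a wrong client ID or secret, or a disabled application.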
Data
- Users
- Groups
- Roles
- Applications
- Environments
- Identity providers
- Activities - login