Ping Identity (OIDC) SSO Setup Guide

Descope supports SSO providers with both OIDC and SAML. This guide shows how to integrate Ping Identity as an OpenID Connect (OIDC) SSO provider with a Tenant in Descope.

Configuration Steps

1. Tenant and SSO Setup

  • Begin by creating your tenant in Descope. Navigate to Authentication Methods under your tenant settings.
  • Select SSO, then choose OIDC from the available options.

SSO Provider in Descope

2. Ping Application Creation

  • Create an application within Ping Identity.

Ping Application Creation

  • Ensure your OIDC application is set to use Implicit Flow. Configure the redirect URI to include Descope's OAuth callback.
    • If you're a Pro or Enterprise user, this callback will use your own custom domain or CNAME.
    • For others: Use the default https://api.descope.com/v1/oauth/callback.

OIDC grant type in Ping

Ping Application Setup

3. Scope Configuration

  • Configure your Ping application to include the necessary scopes. At a minimum, you should have email and profile. Including phone is also beneficial to retrieve phone number information.

Ping Application Resources

Ping Application Scopes

4. Claims Setup

  • Ensure the correct claims are configured within your Ping application. For example, these should include given_name, family_name, email_verified, email, and phone_number.

Ping Application Claims and Attributes

Ping Application Claims and Attributes after config

You'll have to make sure that the attribute mapping in Ping matches what is in Descope. This ensures that the user information from Ping is correctly understood and utilized by Descope. The mapping can be found in the new tenant's settings in the Descope Console.

Descope Attribute Mapping

5. OIDC Configuration in Descope

  • Under your Tenant Settings in the Descope Console, proceed to configure OIDC with the details from your Ping Identity setup:
    • Input your SSO domain. This is the email domain of the users of your SSO-enabled tenant.
    • Enter Ping Identity as the Provider Name.
    • Insert the Client ID, Client Secret, and scopes (openid, email, profile, and phone) that you configured in Step 3.
    • Change the grant type to Implicit.
    • In the Connection Settings, input the authorization, token, userinfo, and JWKS endpoints provided by Ping.
    • Ensure that attribute mapping is correctly set up to match the claims provided by Ping. This should have been completed in Step 4.

Ping Client ID and Client Secret

Ping Endpoints

At the end of the configuration, it should look something like this:

End of Descope Configuration
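
As an added example (not Descope's or Ping's own code), the following pre-flight check compares the values entered in steps 2 to 5 with the provider's OIDC discovery metadata before SSO is enabled. The host `idp.example.com`, the `SETTINGS` key names and the `check_config` function are assumptions made for illustration; the metadata field names are the standard OIDC discovery ones.

```python
from urllib.parse import urlparse

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")
DESCOPE_CALLBACK = "https://api.descope.com/v1/oauth/callback"  # default from step 2

# Constructed sample metadata: standard OIDC discovery field names, placeholder host.
DISCOVERY = {
    "authorization_endpoint": "https://idp.example.com/as/authorize",
    "token_endpoint": "https://idp.example.com/as/token",
    "userinfo_endpoint": "https://idp.example.com/as/userinfo",
    "jwks_uri": "https://idp.example.com/as/jwks",
    "grant_types_supported": ["authorization_code", "implicit"],
    "scopes_supported": ["openid", "email", "profile", "phone"],
    "claims_supported": ["sub", "email", "email_verified", "given_name",
                         "family_name", "phone_number"],
}
# Constructed record of the values entered in steps 2-5 (hypothetical key names).
SETTINGS = {
    "endpoints": {k: DISCOVERY[k] for k in ENDPOINT_KEYS},
    "grant_type": "implicit",
    "scopes": ["openid", "email", "profile", "phone"],
    "mapped_claims": ["given_name", "family_name", "email_verified",
                      "email", "phone_number"],
    "redirect_uri": DESCOPE_CALLBACK,
}

def check_config(discovery, settings, callback=DESCOPE_CALLBACK):
    """Return a list of mismatches; an empty list means the values line up."""
    problems = []
    for key in ENDPOINT_KEYS:
        entered = settings["endpoints"].get(key, "")
        if urlparse(entered).scheme != "https":
            problems.append(f"{key}: not an https URL")
        if entered != discovery.get(key):
            problems.append(f"{key}: differs from provider metadata")
    # OIDC Discovery: grant_types_supported defaults to these two when omitted.
    grants = discovery.get("grant_types_supported", ["authorization_code", "implicit"])
    if settings["grant_type"] not in grants:
        problems.append(f"grant type {settings['grant_type']!r} not offered")
    for scope in settings["scopes"]:
        if scope not in discovery.get("scopes_supported", []):
            problems.append(f"scope {scope!r} not offered")
    for claim in settings["mapped_claims"]:
        if claim not in discovery.get("claims_supported", []):
            problems.append(f"claim {claim!r} not offered")
    if settings["redirect_uri"] != callback:  # exact match, no trailing slash
        problems.append("redirect URI is not the Descope callback")
    return problems
```

Pro or Enterprise tenants would pass their custom-domain callback as the `callback` argument instead of the default.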

6. Using SSO in Your Flow

  • Finally, use the SSO action within your Descope flow. Ping Identity will now serve as the SSO provider for all users associated with the specific tenant you configured.

By following these steps, you will have successfully set up Ping Identity as an OIDC provider using Implicit Flow in Descope.
