SSO With Ping Identity (OIDC)

Last modified on September 3, 2024

Overview

This guide describes how to set up Ping Identity single sign-on (SSO) to manage authentication for StrongDM. After setup is complete, users logging in to StrongDM will be redirected to Ping Identity to perform the login.

Prerequisites

To get started, make sure the following conditions are met:

  • In Ping Identity, you must have elevated privileges or be an administrator with the ability to manage application settings.
  • In StrongDM, your permission level must be set to Administrator.

Steps

Create the Ping Identity app

Please note that the following is a general guideline, and your app creation steps in Ping Identity may differ. For information about Ping Identity app configuration, please see the Ping Identity documentation.

  1. In the PingFederate administrative console, create an OpenID Connect (OIDC) application.
  2. Note the values for the client ID and client secret, as you need them when setting up the integration in StrongDM.
  3. Copy the app’s Ping Identity domain (for example, https://pingfederate.organization-name.us2.ping.cloud), which you enter as the Single sign-on URL when you configure StrongDM.
  4. Ensure that each user who should use StrongDM is assigned access to your app.

Configure StrongDM

  1. Log in to the StrongDM Admin UI.
  2. Go to Settings > User Management. Click the lock icon to make changes, and then enter your Ping Identity app details in the Single Sign-on section.
  3. For Provider, select Ping Identity (OIDC).
  4. For Single sign-on URL, enter your Issuer URL (for example, https://pingfederate.organization-name.us2.ping.cloud).
  5. For Client ID, paste your client ID.
  6. For Client Secret, paste your client secret.
  7. Select your desired general SSO settings and click Save.

Configuration is now complete.
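To check that the Single sign-on URL entered in StrongDM matches what the identity provider advertises, the following added example (not StrongDM or Ping Identity code) compares the entered URL with the provider metadata published at the standard OpenID Connect Discovery path. The sample metadata, its endpoint paths, and the function names are constructed for illustration, and the authorization code flow check is an assumption about how a client with a secret is used.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample metadata, built on the example domain from this guide.
BASE = "https://pingfederate.organization-name.us2.ping.cloud"
SAMPLE_METADATA = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/as/authorization.oauth2",
    "token_endpoint": BASE + "/as/token.oauth2",
    "jwks_uri": BASE + "/pf/JWKS",
    "response_types_supported": ["code"],
}

def discovery_url(issuer: str) -> str:
    """Metadata location defined by OpenID Connect Discovery 1.0."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def fetch_metadata(issuer: str) -> dict:
    """Download the provider metadata (needs network access)."""
    with urllib.request.urlopen(discovery_url(issuer), timeout=10) as resp:
        return json.load(resp)

def check_issuer(entered_url: str, metadata: dict) -> list[str]:
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    parts = urlsplit(entered_url)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("entered URL must be an absolute https:// URL")
    if parts.query or parts.fragment:
        problems.append("entered URL must not carry a query or fragment")
    # Discovery requires the advertised issuer to be identical to the URL
    # used, so a trailing slash or a different host counts as a mismatch.
    if metadata.get("issuer") != entered_url:
        problems.append(f"issuer mismatch: metadata says {metadata.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    # Assumption: a client configured with a secret uses the code flow.
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    return problems

if __name__ == "__main__":
    for url in (BASE, BASE + "/", BASE.replace("https", "http", 1)):
        print(url, "->", check_issuer(url, SAMPLE_METADATA) or "OK")
```

Against a live provider, pass the result of `fetch_metadata(url)` instead of the sample dictionary.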
