Skip to main content

Ping Identity SSO

In this guide, you’ll learn how to set up Ping Identity authentication in Coalesce.

Ping Identity Administrator

You must be a Ping Administrator to complete this process.

Create a Ping Identity Application

  1. In Ping go to the Applications page, and create a new application.

  2. Give the application a name.

  3. Select Single-Page as the Application Type.

  4. Click Save.

    Add new application in Ping Identity

  5. After saving, you’ll be taken to the Application overview screen.

  6. Click on Configuration, then edit.

  7. Set the following confirmation options:

    1. Select all options under Response Type:
      1. Code
      2. Token
      3. ID
    2. Grant Type:
      1. Click Authorization Code
      2. PKCE Enforcement is Optional
      3. Click Implicit
    3. Under Redirect URIs enter your Coalesce instance URL with login/callback added.
      1. https://<your Coalesce app domain>/login/callback
      2. For example: https://testapp.app.coalescesoftware.io/login/callback
    4. The other configuration options can be left as default.

  8. Click Save.

  9. After saving, you’ll be taken to the Application overview screen.

  10. Next, you’ll make sure your allowed scopes are set. Click on Resources, then edit.

  11. Make sure the following scopes are set:

    1. openid
    2. email
    3. profile
    Required Ping scopes

  12. Make sure your application is turned on by toggling the switch near the X.

Gather Your Ping SSO Information

You are gathering your subdomain, Authorization Server, and OIDC clientID.

  1. On the Application overview screen, click URLs to open a drop-down.

    Ping URLs screen

  2. Copy the Authorization URL. You only need up to the /as. Leave off the trailing slash.

    1. For example: https://auth.pingone.com/8d472703-1eaf-491b-a425-91aff175d01f/as.

Get your Subdomain

Your subdomain is the subdomain of your Coalesce instance. For example, if you login at https://testapp.app.coalescesoftware.io/. Your subdomain is testapp. You can also check your subdomain by going to your organizations single sign-on settings. If the Subdomain box in your settings is blank, you need to create a subdomain for your organization.

Get your OIDC Client ID

  1. On the Application overview screen, copy the Client ID.
Ping OIDC Client ID

Configure Coalesce Ping Settings

  1. Log into Coalesce, and click on Org Settings.
  2. Select Single Sign-On.
  3. Set the Authority to Ping.
  4. Enter the Subdomain, for example testapp.
  5. Enter the Authorization Server using the pingone URL. For example, https://auth.pingone.com/8d472703-1eaf-491b-a425-91aff175d01f/as.
  6. Enter the OIDC clientID from the Overview Screen.
  7. Click Save.
Coalesce SSO settings

Congratulations. You should be able to select Single-Sign On next time you login to Coalesce.