Ping Identity SSO

In this guide, you’ll learn how to set up Ping Identity authentication in Coalesce.

Ping Identity Administrator

You must be a Ping Administrator to complete this process.

Before You Begin

Check Your Subdomain

You'll need to make sure you have a subdomain for Coalesce.

Your subdomain is the subdomain of your Coalesce instance. For example, if you login at https://testapp.app.coalescesoftware.io/. Your subdomain is testapp. You can also check your subdomain by going to your organizations single sign-on settings.

If the Subdomain box in your settings is blank, you need to create a subdomain for your organization.

Single Sign-On configuration form header showing Authority and Subdomain fields with Other selected

Create a Ping Identity Application

In Ping go to the Applications page, and create a new application.
Give the application a name.
Select Single-Page as the Application Type.
Click Save.
After saving, you’ll be taken to the Application overview screen.
Click on Configuration, then edit.
Set the following confirmation options:
1. Select all options under Response Type:
  1. Code
  2. Token
  3. ID
2. Grant Type:
  1. Click Authorization Code
  2. PKCE Enforcement is Optional
  3. Click Implicit
3. Under Redirect URIs enter your Coalesce instance URL with login/callback added.
  1. https://<your Coalesce app domain>/login/callback
  2. For example: https://testapp.app.coalescesoftware.io/login/callback
4. The other configuration options can be left as default.
Click Save.
After saving, you’ll be taken to the Application overview screen.
Next, you’ll make sure your allowed scopes are set. Click on Resources, then edit.
Make sure the following scopes are set:
1. openid
2. email
3. profile
Make sure your application is turned on by toggling the switch near the X.

Gather Your Ping SSO Information

You are gathering your subdomain, Authorization Server, and OIDC clientID.

On the Application overview screen, click URLs to open a drop-down.
Copy the Authorization URL. You only need up to the /as. Leave off the trailing slash.
1. For example: https://auth.pingone.com/8d472703-1eaf-491b-a425-91aff175d01f/as.

Get your OIDC Client ID

On the Application overview screen, copy the Client ID.

Configure Coalesce Ping Settings

Log into Coalesce, and click on Org Settings.
Select Single Sign-On.
Set the Authority to Other.
Enter the Subdomain, for example testapp.
Enter the Authorization Server using the pingone URL. For example, https://auth.pingone.com/8d472703-1eaf-491b-a425-91aff175d01f/as.

Enter the OIDC clientID from the Overview Screen.

Single Sign-On configuration form with fields for Authority, Subdomain, Authorization Server, OIDC Client ID, and Server-Side Authorization toggle under Advanced Settings

Field	Description
Authority	The system being used for Single Sign On. Choose Other.
Subdomain	This will be the same as Subdomain. Not the entire URL.
Authorization Server	`https://auth.pingone.com/8d472703-1eaf-491b-a425-91aff175d01f/as`
Authorization Server for multi-tenant and multi- personal integrations	`https://login.microsoftonline.com/common/`
OIDC Client ID	OIDC clientID from the Overview Screen.
Server-Side Authorization	Toggle on to add an authorization URL. Use this when the authorization server blocks access to the OpenID configuration or token endpoints.
Authorization Endpoint	The authorization URL to redirect to.

Go to your SSO URL, which will be formatted like - https://mySubdomain.<app_domain> - and click on the Use Single Sign-On button to log in using SSO.

If instead of a button you see an error message, check to make sure you correctly entered all the fields in your Coalesce SSO settings. If the problem persists please reach out to our Support Team.

Before You Begin​

Check Your Subdomain​

Create a Ping Identity Application​

Gather Your Ping SSO Information​

Get your OIDC Client ID​

Configure Coalesce Ping Settings​