PingOne SSO
The following guide takes you thorough the process of enabling passwordless biometric authentication on PingOne SSO to provide enhanced password less authentication experience to applications
Following is a short video to demonstrate Keyless authentication experience to PingOne Enduser Portal.
Keyless Authentication to PingOne End User Portal
In our next short video we'll go over the process of enrolling a PingOne user to Keyless
Our final short clip is to demonstrate the initial login with Keyless to PingOne where a linked account is created on PingOne. This is a one time only step: once the accounts are linked authentication process works as shown on our very first clip
Logon to PingOne Admin console for your environment.
- Create an External Identity Provider
- Select the Custom option to create an OpenID Connect IdP
- Fill in IdP profile details
- Provide OIDC Connection details
- Client ID: Provided by Keyless Account team
- Client Secret:
- OIDC Discover Document URI: Provided by
- Click on Use Dicovery Document link to populate OIDC endpoints
- Fill in OIDC scopes: openid profile email
- Make a note of the callback URL generated by PingOne: This will be required by Keyless Account team
- Provide OIDC attribute mapping between PingOne & Keyless IdP
- Note that Keyless IDP will return username in preferred_username attribute on teh incoming claim
- Enable Exernal IdP just created
- Summary of Configuration on Keyless IdP
OIDC Connection configuration summary
OIDC Attribute mapping
- Update Authentication Policy to include Keyless External IdP
- Under Experiences-> Authenticaiton Policies -> Single Factor Add Keyless External IDP as a IdP to be presented on Login
This completes configuration of Keyless as External Identity Provider
For enrolment with keyless we'll need to create a new Application on PingOne for Keyless OIDC Service provider.
- Create an OIDC application of type Web App
- Select OIDC and click on Configure link/button to continue to OIDC configuration
- Provide a name, optionally a description and an icon that can be uploaded
- Enter OIDC redirect URL provided by Keyless
- Configure OIDC scopes: openid, profile & email
- Configure Attribute mapping: preferred_username is the outbound attribute that would be populated with users email address as below:
- On completion OIDC application configuration would look like the following, relevant items highlighted below can be edited and saved here
This completes the OIDC Service Provider/ Keyless Enrolment end of configuration.
From a webrowser navigate to the enrolment URL provided by Keyless account team. Browser will follow redirect an take you to PingOne Logon page where you'll need to authenticate with PingOne credentials:
- On succesful authentication browser gets redirected to Keyless enrolment site where you can enroll your mobile device by scanning the QR code displayed on screen
From a web briwser navigate to an application secured using PingOne SSO solution e.g. PingOne Application Portal URL: https://apps.pingone.com/<<your-tenant-id>>/myapps/
- Authenticate with Keyless option on the logon screen will initiate passwordless authentication with Keyless
- Your enrolled mobile device will receive a notification to perfrom a biometric authentication
- On initial logon with Keyless PingOne performs account linking and you may have to enter your password
Last modified 3mo ago