PingOne Cloud (Enterprise)
The PingOne Cloud for Enterprise suite provides single sign-on (SSO) and identity management for cloud-based applications.
The following sections explain prerequisites, resources, and instructions for integrating with SaaS Management.
Stored Information for PingOne Cloud (Enterprise)
The following table describes the available integration tasks and stored data within SaaS Management.
| Available Integration Tasks | Information Stored |
|---|---|
| Application Roster | User ID First Name Last Name Active Date |
| Application Access | User ID Occurred (Last Login) |
| Application Discovery | Application ID Application Name |
| SSO Application Roster | User ID First Name Last Name SSO Name SSO Application ID The SSO Name is the name of the application managed by the SSO provider. |
| SSO Application Access | User ID Occurred SSO Name SSO Display Name SSO Application ID Note the following: The SSO Name is the name of the application managed by the SSO provider. The SSO Display Name is the display name of the application managed by the SSO provider. Depending on the application, the SSO Name and SSO Display Name may appear the same or different. Therefore, both names are stored in SaaS Management. |
The information stored is subject to change as enhancements are made to the SaaS application.
Required Minimum Permissions for PingOne Cloud (Enterprise)
Global Administrator access is required to generate or renew an API key. For more information, see PingIdentity’s documentation topic, View or Renew Directory API Credentials.
Authentication Method for PingOne Cloud (Enterprise)
The Basic authentication method is required.
Required Credentials for PingOne Cloud (Enterprise)
The following credentials are required:
-
Client ID
-
API Key
-
Account Username
-
Account Password
-
Region
-
Poll Subscription ID.
Integrating PingOne Cloud (Enterprise) With SaaS Management
Complete the following steps to integrate PingOne Cloud (Enterprise) with SaaS Management.
-
Sign in to the PingOne admin portal with your PingOne Account Username and Account Password.
-
To obtain your API credentials (Client ID and API Key), go to Setup and select Directory Settings > API Credentials.
-
To add a poll subscription, go to Dashboard and select Reporting > Subscriptions.
-
In the Subscriptions tab, click Add Subscription and enter the following.
- Enter a Subscription Name.
- For Type, enter
SSO. - For Subscription Type, enter
Poll. - For Batch Size, enter
1000(maximum value). - Click Done.
-
Select the poll subscription you have added and click the expand icon on the right to display the details.
-
Copy the Poll URL to obtain the Poll Subscription ID.
Example Poll URL: https://admin-api.pingone.com/v3/reports/d71ffd5b-97aa-47fb-b741-a9fa350dca71/poll-subscriptions/271ec0c3-f707-4e0f-9249-4bca0dcf8cac/events
The Poll Subscription ID is the value that follows
poll-subscriptionsin the Poll URL. For our example, the value is271ec0c3-f707-4e0f-9249-4bca0dcf8cacFor more information, see PingIdentity’s community topic: PingOne Poll Subscription for SSO Audit Reports Without Admin Credentials
-
In SaaS Management, add the PingOne application. For more information, see Adding an Application.
noteFor the integration task SSO Application Access:
- Audit events are kept for 7 days and then discarded.
- The API is read only one time. After audit events are consumed, they cannot be retrieved again.
-
Copy and paste the following PingOne information in SaaS Management.
-
API Key
-
Client ID
-
Poll Subscription ID
-
-
Click Authorize.
After the Application Discovery integration task has been enabled after 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For more information, see Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.
API Endpoints for PingOne Cloud (Enterprise)
Application Roster and Application Access
https://directory-api.pingone.com/api/directory/user
Application Discovery
https://admin-api.pingone.com/v3/applications/templates/available/<Account ID>
Account ID is the same as Client ID.
SSO Application Roster
https://directory-api.pingone.com/api/directory/user
https://admin-api.pingone.com/v3/reports/<Account ID>/poll-subscriptions/<Poll Subscription ID>/events
SSO Application Access
https://admin-api.pingone.com/v3/reports/<Account ID>/poll-subscriptions/<Poll Subscription ID>/events