Skip to main content

SSO Integration with PingIdentity

Integrating PingIdentity SSO with Your Goodworld Platform: Best Practices and Configuration Guide

Richie Kendall avatar
Written by Richie Kendall
Updated this week

Integrating Single Sign-On (SSO) with your enterprise platform is a critical step in ensuring seamless access and enhanced security for your users. PingIdentity, a leading identity and access management solution, offers comprehensive SSO capabilities that enable organizations to streamline authentication across multiple applications.

At Goodworld, we've built our platform to seamlessly integrate with PingIdentity SSO, ensuring a smooth and secure user experience. Here are the best practices for using and configuring the PingIdentity integration.

1. Understand the Basics of PingIdentity SSO

Before diving into the configuration, it's essential to understand the fundamental concepts of PingIdentity SSO:

PingOne: The cloud-based identity-as-a-service platform that provides comprehensive identity and access management.

SSO: Allows users to sign in once and access multiple applications without having to re-authenticate.

SAML 2.0 & OpenID Connect: Protocols supported by PingIdentity for SSO integrations, providing flexibility in implementation.

PingFederate: The on-premises federation server for organizations requiring hybrid or on-premises deployments.

2. Prepare Your PingIdentity Environment

Set Up Your PingOne Environment: If you don't have a PingOne environment, create one through the PingOne admin portal.

Configure Your Domain: Ensure your organization's domain is properly configured and verified in PingIdentity.

Review User Directory: Confirm that your user directory is properly synchronized with PingIdentity.

3. Register the Goodworld Application

Navigate to PingOne Admin Console: Access your PingOne administrative dashboard.

Create New Application: Click on "Applications" and then select "Add Application."

Choose Application Type: Select "Web App" as the application type.

Enter Application Details:

  • Application Name: "Goodworld SSO"

  • Description: "Goodworld platform SSO integration"

  • Category: Select appropriate category (e.g., "Productivity")

Configure Authentication Settings:

  • Grant Type: Authorization Code

  • Response Type: Code

  • PKCE: Enabled (recommended)

  • Redirect URI: https://api.cheerfulgiving.com/oauth/callback/pingidentity

  • Sign-off URL: https://api.cheerfulgiving.com/logout

Set Up Attribute Mapping: Configure user attributes that will be passed to Goodworld:

  • Email (required)

  • First Name

  • Last Name

  • User ID

Enable the Application: Save your configuration and enable the application.

Collect Configuration Details: Note down the following values:

  • Client ID

  • Client Secret

  • Environment ID

  • Authorization URL

  • Token URL

  • User Info URL

4. Configure the Goodworld Platform

Access SSO Settings: In your Goodworld admin dashboard, navigate to the SSO configuration section.

Enter PingIdentity Details: Provide the configuration details from your PingIdentity setup:

  • Client ID

  • Client Secret

  • Environment ID

  • Authorization Endpoint

  • Token Endpoint

  • User Info Endpoint

Map User Attributes: Configure how PingIdentity user attributes map to Goodworld user fields:

  • Email β†’ User Email

  • Given Name β†’ First Name

  • Family Name β†’ Last Name

  • Sub β†’ User ID

Enable SSO: Activate the PingIdentity SSO integration and save your configuration.

NOTE: 4.1 Using PingOne Application Portal

If users will access Goodworld through the PingOne Application Portal, additional configurations are required:

In Goodworld:

  1. Enter a "Login Redirect URL" - this is where users will land when accessing Goodworld through the PingOne portal

  2. Under "Fields to copy into PingIdentity", copy the value of "Application URL"

In PingIdentity:

  1. In the application configuration, update the "Home Page URL" with the value copied from Goodworld

  2. Ensure the application icon and description are configured for optimal user experience

5. Test the Integration

Perform Initial Tests: Conduct thorough testing with a test user account:

  • Test SSO login flow from Goodworld login page

  • Test login through PingOne Application Portal (if configured)

  • Verify user attributes are correctly mapped and populated

Troubleshoot Common Issues: Address potential problems such as:

  • Incorrect redirect URIs

  • Missing or incorrectly mapped user attributes

  • Certificate validation errors

  • Token expiration issues

Validate User Experience: Ensure the SSO flow is intuitive and seamless for end users.

6. Monitor and Maintain

Regular Audits: Periodically review your SSO configuration and PingIdentity settings to ensure they remain current and secure.

User Lifecycle Management: Establish processes for user provisioning and deprovisioning between PingIdentity and Goodworld.

Security Best Practices:

  • Enable multi-factor authentication (MFA) in PingIdentity

  • Regularly rotate client secrets

  • Monitor authentication logs for suspicious activity

  • Keep SSO protocols and configurations up to date

Performance Monitoring: Track SSO performance metrics and user adoption rates.

7. Advanced Configuration Options

Conditional Access: Leverage PingIdentity's risk-based authentication features for enhanced security.

Just-in-Time Provisioning: Configure automatic user provisioning based on SSO authentication.

Session Management: Fine-tune session timeout and single logout behaviors.

Custom Claims: Configure additional custom attributes to be passed from PingIdentity to Goodworld.

8. Documentation and Support

Document the Configuration: Maintain detailed records of your SSO setup, including:

  • Configuration steps taken

  • Custom attribute mappings

  • Any troubleshooting solutions implemented

  • Contact information for key stakeholders

Leverage Support Resources:

  • Utilize Goodworld's support team for platform-specific questions

  • Access PingIdentity's extensive documentation and community resources

  • Consider PingIdentity's professional services for complex implementations

User Training: Provide guidance to end users on the new SSO login process and any changes to their authentication experience.

Conclusion

Integrating PingIdentity SSO with Goodworld significantly enhances both user experience and security posture. By following these best practices, you ensure a robust setup that provides seamless authentication while maintaining the highest security standards. Regular monitoring, maintenance, and updates will help you maximize the benefits of your SSO integration.

The combination of PingIdentity's powerful identity management capabilities and Goodworld's platform creates a secure, user-friendly environment that enables your organization to focus on its core mission while maintaining enterprise-grade security.

For more detailed guidance and personalized support with your PingIdentity integration, feel free to schedule a chat with our success team.

Happy integrating!

Did this answer your question?