PingOne

Configuring an adapter instance

Configure the PingAM IdP Adapter to determine how PingFederate communicates with PingAM.

About this task

To begin the integration, deploy the PingAM Integration Kit files to your PingFederate directory.

Steps

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters and click Create New Instance.

  2. On the Type tab, set the basic adapter instance attributes:

    1. In the Instance Name field, enter a name for the adapter instance.

    2. In the Instance ID field, enter a unique identifier for the adapter instance.

    3. In the Type list, select PingAM IdP Adapter. Click Next.

  3. (Optional) On the IdP Adapter tab, in the Simple Parameter Mappings section, select pre-defined parameters to send from PingFederate to PingAM.

    • If you have configured an OAuth client in PingAM and provided the Client ID and Client Secret, the adapter sends your Simple Parameter Mappings and Advanced Parameter Mappings to PingAM.

      In PingAM, you can access these parameters by configuring your flow’s input schema to expect the Parameter Name values you define in steps 3b and 4b.

    • You can find more information about other input parameter options in the Parameter reference in the PingFederate SDK documentation and Extended properties in the PingFederate documentation.

    1. Click Add a new row to 'Simple Parameter Mappings (optional)'.

    2. In the Parameter Name field, enter a key name to use when sending the parameter to PingAM.

      For example, appName.

    3. In the Source list, select the pre-defined parameter you want to send.

      For example, Application Name.

    4. In the Action column, click Update.

    5. To add more attributes, repeat steps a - d.

  4. (Optional) On the IdP Adapter tab, in the Advanced Parameter Mappings section, define custom parameters to send from PingFederate to PingAM.

    1. Click Add a new row to 'Advanced Parameter Mappings (optional)'.

    2. In the Parameter Name field, enter a key name to use when sending the parameter to PingAM.

      For example, trackedParameters.

    3. In the Source Type list, select the type of parameter you want to send.

      For example, Tracked HTTP Request Parameters.

      The following options are available:

      Chained attributes

      The attributes that are made available by the other adapters and selectors in your PingFederate authentication policy.

      Extended properties

      These parameters store additional information about connections, OAuth clients, or both. You can find more detail in Extended properties in the PingFederate documentation.

      Request claims

      The claims PingFederate recieved within an OAuth/OpenID Connect Request Object or the parameters of a pushed authorization request.

      Tracked HTTP request parameters

      The tracked HTTP request parameters that were included in the initial HTTP request of the current transaction.

    4. In the Source Parameter field, enter the exact name of the parameter that you want to send to PingAM. The parameter must be available to the adapter from the Source Type that you selected.

      Leave this field empty to send all parameters of the Source Type.

    5. In the Action column, click Update.

    6. To add more attributes, repeat steps a - e.

  5. (Optional) On the IdP Adapter tab, in the Journey Response Mappings section, map attributes from the PingAM response to the attribute contract:

    1. Click Add a new row to 'Journey Response Mappings (optional)'.

    2. In the Local Attribute field, enter a name of your choosing for an attribute.

    3. In the Journey Attribute Mapping field, map the local attribute to a remote attribute using JSON pointer syntax.

      Learn more about JSON pointer syntax in RFC 6901.

    4. In the Action column, click Update.

    5. To add more attributes, repeat steps a - d.

      These attributes become available in your PingFederate authentication policy.

  6. On the IdP Adapter tab, configure the adapter instance by referring to PingAM IdP Adapter settings reference. Click Next.

  7. On the Extended Contract tab, add any attributes that you included in the PingAM Response Mappings section of the IdP Adapter tab. Click Next.

  8. On the Adapter Attributes tab, set pseudonym and masking options as shown in Set pseudonym and masking options in the PingFederate documentation. Click Next.

  9. On the Adapter Contract Mapping tab, configure the contract fulfillment details for the adapter as shown in Define the IdP adapter contract in the PingFederate documentation. Click Next.

  10. On the Summary tab, review your configuration. Click Save.

Next steps

Review Preparing to use a PingAM journey.