PingOne

Overview of the SSO flow

The following figure illustrates an example single sign-on (SSO) process flow.

A diagram illustrating a typical sign on process leveraging the integration kit.

In summary:

  1. A user initiates the sign-on process by requesting access to a protected resource.

  2. If PingFederate detects that the PingAM cookie is not present, it gets an access token using the OAuth credentials, then initializes a backchannel authentication using the access token, and uses the redirect URI returned to send the user to orchestrate authentication. It also appends a PingFederate URL as a request parameter to resume the flow post-login.

    If a session cookie is present, PingFederate makes a backchannel request to get session information from PingAM.

  3. On a success, PingFederate extracts session information from the JSON response provided by PingAM and generates a SAML assertion.

  4. PingFederate redirects the user to the protected resource and configures the SAML assertion. The user is granted access.