PingOne®
The PingOne® cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as an OIDC identity provider.
Set up PingOne as an OIDC provider
- In your PingIdentity environment, go to Connections > Applications.
- Select Add Application.
- Enter an Application Name.
- Select OIDC Web App and then Save.
- Select Resource Access and add the email and profile scopes.
- In the Configuration tab, select General.
- Copy the Client ID, Client Secret, and Environment ID to a safe place. These ids will be used in a later step to add PingOne to Zero Trust.
- In the Configuration tab, select the pencil icon.
- In the Redirect URIs field, enter your team domain and select Save.
- In Zero Trust, go to Settings > Authentication.
- Under Login methods, select Add new.
- Select PingOne.
- Input the Client ID, Client Secret, and Environment ID generated previously.
- (Optional) Enable Proof of Key Exchange (PKCE). PKCE will be performed on all login attempts.
- (Optional) Under Optional configurations, enter custom OIDC claims that you wish to add to your Access application token.
- Select Save.
You can now test your connection and create Access policies based on the configured login method.
Example API configuration
{"config": {"client_id": "<your client id>","client_secret": "<your client secret>","ping_env_id": "<your ping environment id>"},"type": "ping","name": "my example idp"}