You can also initiate the authentication session the SAML single sign-on action through a POST request. The following sample shows the POST /{environmentId}/saml20/idp/sso operation to start the sign-on flow:

The request URL includes the SAMLRequest parameter to pass in the encoded SAML authentication request information. Here is a sample SAML <AuthnRequest> in plain text:


For SAML assertions, PingOne supports the following Subject NameID formats:

Format Description
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified The Subject’s NameID format is not specified.
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress The Subject’s NameID format is in the form of an email address.
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent The Subject’s NameID format is an opaque unique identifier for a user that retains the same value over time.
urn:oasis:names:tc:SAML:2.0:nameid-format:transient The Subject’s NameID format is a randomly generated identifier. A different value is used for each SSO for a given user.