Configuring an external identity provider in PingOne for a SAML identity provider lets users authenticate and gain access to application resources using a SAML sign-on flow and credentials.

The SAML identity provider’s verification certificate and the signing key can be imported using the PingOne certificate management service. For information about importing certificates, see Certificate management.

This scenario illustrates the following operations supported by the PingOne APIs:

Workflow order of operations

To create a sign-on policy that supports a SAML external identity provider, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{environmentId}/certificates to upload the SAML external identity provider’s verification certificate and (optionally) to /environments/{environmentId}/keys to upload the signing key.

  2. Make a POST request to /environments/{environmentId}/identityProviders to create the SAML identity provider configuration.

  3. Make a POST request to /environments/{environmentId}/populations to create a population for users who will use their SAML credentials to sign on.

  4. Make a POST request to /environments/{environmentId}/signOnPolicies to create a new sign-on policy.

  5. Make a POST request to /environments/{environmentId}/signOnPolicies/{policyId}/actions to create a new LOGIN sign-on policy action, which is associated with the new sign-on policy.
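The order of operations above as a small Python runner. This is an added example, not code from the PingOne documentation. The `post` transport, the payload callables, and the expectation that each create returns HTTP 201 with a UUID `id` are assumptions.

```python
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# POST targets from the task list above, in order. The "key" upload is optional.
STEPS = [
    ("certificate", "/environments/{environmentId}/certificates"),
    ("key", "/environments/{environmentId}/keys"),
    ("identityProvider", "/environments/{environmentId}/identityProviders"),
    ("population", "/environments/{environmentId}/populations"),
    ("signOnPolicy", "/environments/{environmentId}/signOnPolicies"),
    ("action", "/environments/{environmentId}/signOnPolicies/{policyId}/actions"),
]
OPTIONAL = {"key"}


def run_workflow(environment_id, payloads, post):
    """Run the POSTs in order and return the ID created by each step.

    payloads maps a step name to a function(ids) -> request body, so a later
    body can reference IDs created earlier (field names are left to the caller).
    post(path, body) -> (status, parsed_json) is a caller-supplied transport
    (hypothetical signature) that adds the API host and the access token.
    """
    if not UUID_RE.match(environment_id):
        raise ValueError("environmentId is not a UUID")
    # Refuse to start if a required step has no payload, so nothing is
    # created for a workflow that cannot finish.
    missing = [n for n, _ in STEPS if n not in payloads and n not in OPTIONAL]
    if missing:
        raise KeyError(f"no payload for required steps: {missing}")
    ids = {"environmentId": environment_id}
    for name, template in STEPS:
        if name not in payloads:
            continue  # optional step that the caller skipped
        status, reply = post(template.format(**ids), payloads[name](ids))
        new_id = str(reply.get("id", "")) if isinstance(reply, dict) else ""
        # Assumption: a successful create returns 201 and a UUID "id".
        # Checking the ID keeps a malformed reply out of the next request path.
        if status != 201 or not UUID_RE.match(new_id):
            raise RuntimeError(f"step {name!r} failed (HTTP {status}); stopping")
        ids[name] = new_id
        if name == "signOnPolicy":
            ids["policyId"] = new_id  # fills {policyId} in the action path
    return ids
```

The runner stops at the first step that does not succeed, so the LOGIN action is never created against a policy or identity provider that failed to register.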
