A PingOne external identity provider configuration that supports a SAML identity provider lets users authenticate and gain access to application resources using a SAML sign-on flow and credentials.
The SAML identity provider’s verification certificate and the signing key can be imported using the PingOne certificate management service. For information about importing certificates, see Certificate management.
This scenario illustrates the following operations supported by the PingOne APIs:
Workflow order of operations
To create a sign-on policy that supports a SAML external identity provider, the following tasks must be completed successfully:
1. Make a POST request to /environments/{{envID}}/certificates to upload the SAML external identity provider’s verification certificate and (optionally) to /environments/{{envID}}/keys to upload the signing key.
2. Make a POST request to /environments/{{envID}}/identityProviders to create the SAML identity provider configuration.
3. Make a POST request to /environments/{{envID}}/populations to create a population for users who will use their SAML credentials to sign on.
4. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.
5. Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions to create a new LOGIN sign-on policy action, which is associated with the new sign-on policy.
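The five tasks above as one sequence, showing how each resource ID feeds the next request and how a failed step stops the rest. This is an added example, not code from the PingOne documentation: `configure_saml_idp`, `StepFailed`, `send` and `fake_send_factory` are hypothetical names, the JSON field names are assumptions to confirm against the PingOne API reference, and authentication and the encoding of the certificate and key uploads are left to the transport you pass in as `send`.

```python
# Added example: the five POST calls in dependency order, with IDs chained.
# `send` is a hypothetical transport: send(path, payload) -> parsed JSON dict.
# JSON field names are assumptions; confirm them in the PingOne API reference.
class StepFailed(Exception):
    """Raised when a step returns no resource ID, so later steps never run."""

def _create(send, step, path, payload):
    resp = send(path, payload)
    if not isinstance(resp, dict) or not resp.get("id"):
        raise StepFailed(f"{step}: POST {path} returned no id")
    return resp["id"]

def configure_saml_idp(send, env_id, cert_pem, idp_settings,
                       population_name, policy_name, signing_key=None):
    base = f"/environments/{env_id}"
    ids = {}
    # 1. Verification certificate first; the signing key is optional.
    ids["cert"] = _create(send, "certificate", f"{base}/certificates", cert_pem)
    if signing_key is not None:
        ids["key"] = _create(send, "key", f"{base}/keys", signing_key)
    # 2. IdP configuration; idp_settings carries name, entity IDs, SSO endpoint.
    idp = {**idp_settings, "type": "SAML",
           "idpVerification": {"certificates": [{"id": ids["cert"]}]}}
    if "key" in ids:
        idp["spSigning"] = {"key": {"id": ids["key"]}}
    ids["idp"] = _create(send, "identity provider",
                         f"{base}/identityProviders", idp)
    # 3. Population for users who sign on with their SAML credentials.
    ids["population"] = _create(send, "population", f"{base}/populations",
                                {"name": population_name})
    # 4. New sign-on policy.
    ids["policy"] = _create(send, "sign-on policy", f"{base}/signOnPolicies",
                            {"name": policy_name, "default": False})
    # 5. LOGIN action on that policy, pointing at the IdP and the population.
    action = {"type": "LOGIN", "priority": 1,
              "socialProviders": [{"id": ids["idp"]}],
              "registration": {"enabled": True,
                               "population": {"id": ids["population"]}}}
    ids["action"] = _create(send, "LOGIN action",
                            f"{base}/signOnPolicies/{ids['policy']}/actions", action)
    return ids

def fake_send_factory(log, fail_on=None):
    """Constructed offline transport: records calls, returns made-up IDs."""
    def send(path, payload):
        log.append((path, payload))
        if fail_on and path.endswith(fail_on):
            return {"code": "INVALID_DATA"}  # constructed error body
        return {"id": f"id-{len(log)}"}
    return send
```

Stopping at the first step that returns no `id` keeps a policy action from being created against an identity provider whose verification certificate was never stored.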