# SSO With Ping Identity (OIDC) ### Overview This guide describes how to set up Ping Identity single sign-on (SSO) to manage authentication for StrongDM. After setup is complete, users logging in to StrongDM will be redirected to Ping Identity to perform the login. {% hint style="info" %} StrongDM's SSO integration has been tested and is officially supported with PingFederate, a product within the Ping Identity suite. Although it may also work with other Ping Identity products, these configurations have not been formally tested and are not officially supported at this time. {% endhint %} ### Prerequisites To get started, make sure the following conditions are met: * In Ping Identity, you must have elevated privileges or be an administrator with the ability to manage application settings. * In StrongDM, your permission level must be set to Administrator. ### Steps {% hint style="info" %} We recommend that you keep both Ping Identity and the Admin UI open in your browser so you can easily tab between them. {% endhint %} #### Create the Ping Identity app Please note that the following is a general guideline, and your app creation steps in Ping Identity may differ. For information about Ping Identity app configuration, please see the Ping Identity documentation. 1. In the PingFederate administrative console, create an OpenID Connect (OIDC) application. 2. Note the values for the client ID and client secret, as you need them when setting up the integration in StrongDM. 3. Copy the app's Ping Identity domain (for example, `https://pingfederate.organization-name.us2.ping.cloud`), which is the single sign-on URL in the next step. 4. Ensure that each user who should use StrongDM is assigned access to your app. #### Configure StrongDM 1. Log in to the StrongDM Admin UI. 2. Go to **Settings** > **User Management**. Click the lock icon to make changes, and then enter your Ping Identity app details in the **Single Sign-on** section. 3. For **Provider**, select **Ping Identity (OIDC)**. 4. For **Single sign-on URL**, enter your Issuer URL (for example, `https://pingfederate.organization-name.us2.ping.cloud`). 5. For **Client ID**, paste your client ID. 6. For **Client Secret**, paste your client secret. 7. Select your desired [general SSO settings](https://docs.strongdm.com/admin/principals/sso) and click **Save**. Configuration is now complete. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/principals/sso/ping-identity-oidc.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.