This article covers how to integrate Single Sign-On (SSO) via PingFederate as your Identity Provider (IDP) for The Global Work Platform. This integration allows your users to securely log in using PingFederate for a seamless and centralized experience.

High-Level Steps for PingFederate SSO Integration

To integrate PingFederate SSO with The Global Work Platform, follow these key steps:
First, an admin must configure a Service Provider (SP) connection in PingFederate. Next, retrieve the necessary SSO secrets and Client ID. Then, securely send these credentials to Pebl for configuration. Finally, ensure the application is properly displayed and assigned to users for easy access.

Step 1. Admin Configures PingFederate SP Connection

To initiate the SSO configuration, your team will need to set up a Service Provider (SP) connection in your PingFederate or PingOne environment. If your team is not the PingFederate admin, please provide us with their contact information so we can coordinate setup.

At a minimum, please configure the following redirect URIs:

• Sign-in redirect URIs: https://cloud.hellopebl.com/login/oidc/*

• Sign-out redirect URIs: https://cloud.hellopebl.com/logout

Once the application is created, you can edit it to add a name, icon, sign-on URL, and client-specific settings. For more guidance, see:
Adding an application in PingOne
Editing an OIDC application in PingOne

Step 2. Retrieve SSO Secrets and Client ID

To proceed with the integration, we will need the Client ID and Client Secret associated with your newly created application.

Steps to Retrieve the Client ID and Client Secret

1. Visit the PingOne Admin Console and log in with your administrator credentials.

2. Navigate to Applications > Applications.

3. Locate and select the application you created for The Global Work Platform.

4. On the Configuration tab:

   • Copy the Client ID.

   • Reveal and copy the Client Secret.

If needed, you can generate a new Client Secret and revoke the previous one.

Step 3. Send Secrets to Pebl

Once you've retrieved both the Client ID and Client Secret, please open a request using our Customer Request form and select Account and System Support for The Global Work Platform as the topic.

After you submit the form, our team will reach out to schedule a secure time to collect the necessary details and complete the integration.

Do not include the Client Secret in the form.

Step 4. Display Application to End Users

To ensure users can easily access the application via your identity platform, make sure your new app is visible to the appropriate user groups and assigned as needed within your PingFederate or PingOne configuration.

For specific instructions on enabling user access and customizing application visibility, please refer to your internal PingFederate or PingOne documentation or consult with your Ping admin team.