External Identity Provider Option
You can create an OIDC external identity provider resource and configure the identity provider to authenticate a user through a DaVinci flow.
Note: In this scenario, the DaVinci flow that runs behind the external identity provider does not need to be configured and designated as a PingOne-initiated flow. For information about designating a flow as a PingOne flow, refer to DaVinci flow settings configuration.
PingOne prerequisites
In PingOne, you’ll create the following resources:
- an application
- an OIDC external identity provider
- a sign-on policy
- a login sign-on policy action
- an authorize request
DaVinci prerequisites
In DaVinci, you’ll create the following resources. You will use the IDs of these resources to configure the PingOne OIDC external identity provider’s endpoints:
- A DaVinci application with its OIDC redirect_URI property set to https://auth.pingone.com/{{environmentID}}/rp/callback/openid_connect. The value must match this URI exactly, because the OIDC redirect URI is compared as a literal string.
- A DaVinci flow.
- A DaVinci flow policy associated with the DaVinci flow and app.
In this scenario, a PingOne authorize request initiates the sign-on flow. The PingOne login sign-on policy action includes a socialProviders property that references the OIDC external identity provider resource’s ID. The sign-on screen presents the user with the option to sign on with their PingOne credentials or to click a Sign-on With DaVinci button, which redirects the user into the DaVinci flow for authentication. The use case referenced below links to a multi-step workflow that shows all of the PingOne resource configuration steps.
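The following script ties the steps above together offline: it builds the Management API payloads for the external identity provider and the login action (including the socialProviders reference), lists the requests in the order the resources depend on each other, composes the authorize request that starts the sign-on flow, and checks that the DaVinci application registered the callback URI verbatim. This is an added example written for this page, not code from the PingOne or DaVinci documentation. The Management API paths and field names are assumptions based on the public PingOne API, the DaVinci OIDC endpoint URLs are constructed placeholders, and every ID and secret is made up.

```python
"""Assemble the PingOne side of the 'Sign on with DaVinci' scenario offline.
Added example; API paths, field names, endpoint URLs, IDs and secrets are
assumptions or constructed values, not text from the product documentation."""
import secrets
from urllib.parse import urlencode

AUTH_HOST = "https://auth.pingone.com"
API_HOST = "https://api.pingone.com/v1"  # assumed Management API base


def davinci_callback_uri(env_id: str) -> str:
    """The redirect_uri the DaVinci application must register (from the page)."""
    return f"{AUTH_HOST}/{env_id}/rp/callback/openid_connect"


def check_davinci_redirect(registered_uris, env_id: str) -> bool:
    """Redirect URIs are matched as exact strings by an OIDC provider, so a
    trailing slash or a different environment ID silently breaks the round
    trip. True only if the expected callback is registered verbatim."""
    return davinci_callback_uri(env_id) in registered_uris


def oidc_idp_payload(name, client_id, client_secret, endpoints, scopes=("openid",)):
    """Body for POST /environments/{envID}/identityProviders (assumed shape).
    `endpoints` carries the DaVinci application's OIDC endpoints."""
    return {
        "name": name,
        "type": "OPENID_CONNECT",
        "enabled": True,
        "clientId": client_id,
        "clientSecret": client_secret,
        "authorizationEndpoint": endpoints["authorization"],
        "tokenEndpoint": endpoints["token"],
        "userInfoEndpoint": endpoints["userinfo"],
        "issuer": endpoints["issuer"],
        "jwksEndpoint": endpoints["jwks"],
        "scopes": list(scopes),
    }


def login_action_payload(idp_id: str, priority: int = 1) -> dict:
    """Body for POST .../signOnPolicies/{policyID}/actions (assumed shape).
    socialProviders is what adds the Sign-on With DaVinci button; it must
    reference the external identity provider resource's ID."""
    return {
        "priority": priority,
        "type": "LOGIN",
        "recovery": {"enabled": True},
        "socialProviders": [{"id": idp_id}],
    }


def authorize_url(env_id, client_id, redirect_uri, scope="openid", state=None):
    """The PingOne authorize request that initiates the sign-on flow. A fresh
    state value is generated when none is given so the callback can be bound
    to this request and not replayed from another session."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state or secrets.token_urlsafe(16),
    }
    return f"{AUTH_HOST}/{env_id}/as/authorize?{urlencode(params)}"


def request_sequence(env_id, app, idp, policy_name,
                     app_id="<appID>", idp_id="<idpID>", policy_id="<policyID>"):
    """Ordered (method, path, body) tuples for the PingOne resources listed
    on the page. IDs returned by earlier calls are shown as placeholders."""
    base = f"{API_HOST}/environments/{env_id}"
    return [
        ("POST", f"{base}/applications", app),
        ("POST", f"{base}/identityProviders", idp),
        ("POST", f"{base}/signOnPolicies", {"name": policy_name, "default": False}),
        ("POST", f"{base}/signOnPolicies/{policy_id}/actions", login_action_payload(idp_id)),
        ("POST", f"{base}/applications/{app_id}/signOnPolicyAssignments",
         {"priority": 1, "signOnPolicy": {"id": policy_id}}),
    ]


if __name__ == "__main__":
    env = "11111111-2222-3333-4444-555555555555"  # constructed environment ID
    dv = f"{AUTH_HOST}/{env}/davinci/policy/aaaaaaaa"  # constructed DaVinci base
    endpoints = {"authorization": dv + "/authorize", "token": dv + "/token",
                 "userinfo": dv + "/userinfo", "issuer": dv, "jwks": dv + "/jwks"}
    idp = oidc_idp_payload("DaVinci", "dv-client-id", "dv-client-secret", endpoints)
    app = {"name": "Portal", "type": "WEB_APP", "protocol": "OPENID_CONNECT",
           "redirectUris": ["https://portal.example/cb"],
           "grantTypes": ["AUTHORIZATION_CODE"], "responseTypes": ["CODE"]}
    for method, path, body in request_sequence(env, app, idp, "DaVinci sign-on"):
        print(method, path, sorted(body))
    print("DaVinci callback registered:",
          check_davinci_redirect([davinci_callback_uri(env)], env))
    print(authorize_url(env, "portal-client-id", "https://portal.example/cb"))
```

Run the checks against the real environment by substituting your own IDs; the redirect URI check in particular is worth running before the first end-to-end test, since a mismatch surfaces only as a generic callback error from DaVinci.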