---
title: External Identity Provider Option
description: You can create an OIDC external identity provider resource and configure the identity provider to authenticate a user through a DaVinci flow.
component: pingone-api
page_id: pingone-api:auth:pingone-davinci/davinci-runtime-apis/pingflows-idp
canonical_url: https://developer.pingidentity.com/pingone-api/auth/pingone-davinci/davinci-runtime-apis/pingflows-idp.html
section_ids:
  pingone-prerequisites: PingOne prerequisites
  davinci-prerequisites: DaVinci prerequisites
---

# External Identity Provider Option

You can create an OIDC external identity provider resource and configure the identity provider to authenticate a user through a DaVinci flow.

|   |                                                                                                                                                                                                                                                                                                                                                                |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | In this scenario, for a DaVinci flow that executes as an external identity provider, the DaVinci flow does not need to be configured and designated as a PingOne initiated flow. For information about designating a flow as a PingOne flow, refer to [DaVinci flow settings configuration](../davinci-runtime-apis.html#davinci-flow-settings-configuration). |

## PingOne prerequisites

In PingOne, you'll create the following resources:

* an application

* an OIDC external identity provider

* a sign-on policy

* a login sign-on policy action

* an authorize request

## DaVinci prerequisites

In DaVinci, you'll create the following resource. You will use the IDs for these resources to configure the PingOne OIDC external identity provider endpoint:

* A DaVinci application with its OIDC `redirect_URI` property set to `https://auth.pingone.com/{{environmentID}}/rp/callback/openid_connect`.

* A DaVinci flow.

* A DaVinci flow policy associated with the DaVinci flow and app.

In this scenario, a PingOne authorize request initiates the sign-on flow. The PingOne sign-on policy action includes a `socialProviders` property that identifies the OIDC external identity provider resource's ID. The sign-on screen presents the user with the option to sign on with their PingOne credentials, or click a **Sign-on With DaVinci** button to redirect into the DaVinci flow for user authentication. The use case referenced below links to a multi-step workflow that shows all of the PingOne resource configuration steps.