PingOne Platform APIs

SAML Sign-On

This activity shows you how to create a basic PingOne sign-on flow for a SAML application.

This solution uses the group access control properties set on the application, which associate the application with a PingOne group so that group membership controls who can sign on. The request descriptions for creating the SAML application and the user group provide more details on how to configure access control in this workflow. For general information about access control, refer to Control access to applications through roles and groups.

This workflow uses the following PingOne API operations:

  • Create a group

  • Create a SAML application

  • Create a sign-on policy

  • Create a login sign-on policy action

  • Create a user

  • Initiate a SAML authorize request

  • Use flow APIs to complete the login

Workflow order of operations

To configure a basic PingOne sign-on flow for a SAML application, you must complete the following tasks:

  1. Make a POST request to /environments/{{envID}}/groups to create a new group resource.

  2. Make a POST request to /environments/{{envID}}/applications to add a new SAML application to the specified environment.

  3. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.

  4. Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions to define the login action associated with this sign-on policy.

  5. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate the sign-on policy with the application.

  6. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  7. Make a POST request to /environments/{{envID}}/users to create a user to assign to the new population resource.

  8. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

  9. Make a POST request to /{{envID}}/saml20/idp/sso to obtain an authorization grant. This request starts the SAML authorization flow.

  10. Make a GET request to /{{envID}}/flows/{{flowID}} to initiate the sign-on flow.

  11. To complete the login action, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

  12. Make a GET request to /{{envID}}/saml20/resume?flowId={{flowID}} to call the SAML resume endpoint and return an encoded SAMLResponse.
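The twelve steps above, driven end to end from one script. This is an added example, not PingOne's code or the Postman collection: the request methods and paths follow the steps as listed, while the JSON body shapes, the vendor content types used for the password and credential calls, the flow status strings, and the host names are assumptions taken from the PingOne API reference and should be verified against it. The HTTP layer is injected as a `send` callable so the sequence can be exercised offline against the constructed `FakeTransport`; a real transport would attach a worker-application bearer token for steps 1 to 8, then follow the redirect from the SSO endpoint and carry its session cookie through steps 9 to 12.

```python
"""Drive the 12-step PingOne SAML sign-on workflow through an injected transport.

Added example (not PingOne's code). Paths follow the workflow steps; body shapes,
vendor content types, flow statuses and hosts are assumptions to verify against
the PingOne API reference.
"""
import base64
import secrets
from datetime import datetime, timezone

API_BASE = "https://api.pingone.com/v1"   # assumption: region-specific in practice
AUTH_BASE = "https://auth.pingone.com"
PASSWORD_SET = "application/vnd.pingidentity.password.set+json"
PASSWORD_CHECK = "application/vnd.pingidentity.usernamePassword.check+json"
FORM = "application/x-www-form-urlencoded"


def build_authn_request(sp_entity_id, acs_url):
    """Minimal unsigned SAML 2.0 AuthnRequest, base64-encoded for step 9."""
    request_id = "_" + secrets.token_hex(16)       # xsd:ID must not start with a digit
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issued}" '
        f'AssertionConsumerServiceURL="{acs_url}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>'
    )
    return base64.b64encode(xml.encode()).decode()


def run_saml_workflow(send, env_id, sp_entity_id, acs_url, username, password):
    """Run steps 1-12 in order, threading each created id into the later steps.

    `send(method, url, body, content_type)` performs one HTTP call and returns the
    parsed JSON body as a dict. Returns the encoded SAMLResponse from step 12.
    """
    env = f"{API_BASE}/environments/{env_id}"
    auth = f"{AUTH_BASE}/{env_id}"
    # 1. Group that will gate access to the application.
    group = send("POST", f"{env}/groups", {"name": "SAML App Users"})
    # 2. SAML application; accessControl limits sign-on to members of that group.
    app = send("POST", f"{env}/applications", {
        "name": "Example SAML App", "enabled": True, "type": "WEB_APP", "protocol": "SAML",
        "spEntityId": sp_entity_id, "acsUrls": [acs_url], "assertionDuration": 3600,
        "accessControl": {"group": {"type": "ANY_GROUP", "groups": [{"id": group["id"]}]}},
    })
    # 3-5. Sign-on policy, its LOGIN action, and the assignment to the application.
    policy = send("POST", f"{env}/signOnPolicies", {"name": "SAML Login", "default": False})
    send("POST", f"{env}/signOnPolicies/{policy['id']}/actions", {"priority": 1, "type": "LOGIN"})
    send("POST", f"{env}/applications/{app['id']}/signOnPolicyAssignments",
         {"priority": 1, "signOnPolicy": {"id": policy["id"]}})
    # 6-8. Population, user, and the password set through the vendor content type.
    population = send("POST", f"{env}/populations", {"name": "SAML Population"})
    user = send("POST", f"{env}/users", {"username": username, "email": f"{username}@example.com",
                                         "population": {"id": population["id"]}})
    send("PUT", f"{env}/users/{user['id']}/password", {"value": password, "forceChange": False}, PASSWORD_SET)
    # 9. Start the SAML flow. Assumption: the transport follows the SSO redirect and
    #    returns the flow id as "id"; a browser would land on the flow by redirect.
    authn = build_authn_request(sp_entity_id, acs_url)
    flow_id = send("POST", f"{auth}/saml20/idp/sso", {"SAMLRequest": authn}, FORM)["id"]
    # 10. Read the flow; it must be waiting for credentials before any are sent.
    flow = send("GET", f"{auth}/flows/{flow_id}")
    if flow.get("status") != "USERNAME_PASSWORD_REQUIRED":
        raise RuntimeError(f"flow not ready for credentials: {flow.get('status')!r}")
    # 11. Submit credentials. Stop unless the policy completed (wrong password, user
    #     outside the access-control group, or a further action still pending).
    flow = send("POST", f"{auth}/flows/{flow_id}", {"username": username, "password": password}, PASSWORD_CHECK)
    if flow.get("status") != "COMPLETED":
        raise RuntimeError(f"sign-on did not complete: {flow.get('status')!r}")
    # 12. Resume the SAML exchange and hand back the encoded SAMLResponse.
    return send("GET", f"{auth}/saml20/resume?flowId={flow_id}")["SAMLResponse"]


class FakeTransport:
    """Constructed offline stand-in for PingOne: records calls, mints ids, plays the flow."""

    def __init__(self):
        self.calls, self.credentials, self.last_username = [], {}, None

    def __call__(self, method, url, body=None, content_type="application/json"):
        self.calls.append((method, url, body, content_type))
        if url.endswith("/saml20/idp/sso"):
            return {"id": "flow-1"}
        if "/flows/" in url:   # GET reports the pending step; POST checks the credentials
            ok = (method == "POST" and content_type == PASSWORD_CHECK
                  and self.credentials.get(body["username"]) == body["password"])
            return {"id": "flow-1", "status": "COMPLETED" if ok else "USERNAME_PASSWORD_REQUIRED"}
        if "/saml20/resume" in url:
            return {"SAMLResponse": base64.b64encode(b"<samlp:Response/>").decode()}
        if method == "PUT":    # password set for the most recently created user
            self.credentials[self.last_username] = body["value"]
            return {}
        if url.endswith("/users"):
            self.last_username = body["username"]
        return {"id": f"res-{len(self.calls)}", **body}   # any other create echoes the body


if __name__ == "__main__":
    fake = FakeTransport()
    saml_response = run_saml_workflow(fake, "env-123", "https://sp.example/metadata",
                                      "https://sp.example/acs", "alice", "Correct-Horse-1!")
    print(len(fake.calls), "requests;", base64.b64decode(saml_response).decode())
```

Two checks in the driver are worth keeping when adapting it: the flow status is read before credentials are posted and again afterwards, so a policy that does not reach `COMPLETED` (a user outside the access-control group, for instance) stops the script instead of calling the resume endpoint with an unfinished flow. Note that the steps above create the user but do not add it to the group, so with the access control shown the user must be made a group member separately before step 11 will succeed.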

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.