Add Ping Identity as a single sign-on provider


Prerequisites:
  • Single Sign-on > Provider > Add, Delete, Edit, View permissions
  • Admin role in your organization’s Ping Identity account
  • User email addresses are the same in both Ping Identity and Genesys Cloud

Add Genesys Cloud as an application that organization members can access with the credentials to their Ping Identity account.

Notes:
  • Genesys Cloud does not support assertion encryption for single sign-on third-party identity providers. The Genesys Cloud login service requires Transport Layer Security (TLS). Since the channel is encrypted, there is no need to encrypt parts of the message.
  • Administrators can optionally disable the default Genesys Cloud login and enforce authentication using an SSO provider only. For more information, see Configure Genesys Cloud to authenticate with SSO only.

Configure Ping Identity

Create a custom Genesys Cloud application

  1. In PingOne admin, click the My Applications tab.
  2. Click Add Application.
  3. Click New SAML Application.
  4. In the Application Details screen, complete the following fields. Leave the remaining fields blank or at the default settings.
    In this field… | Do this…
    Application Name | Type your Genesys Cloud application name.
    Application Description | Type a short description of the application.
    Category | From the list, select Collaboration.
  5. In the Application Configuration screen, complete the following fields. Leave the remaining fields blank or at the default settings.

    In this field… | Do this…
    Protocol Version | Click SAML v2.0.
    Assertion Consumer Services (ACS) | Type the URL for the AWS region where your Genesys Cloud organization is located:
      • US East (N. Virginia): https://login.mypurecloud.com/saml
      • US West (Oregon): https://login.usw2.pure.cloud/saml
      • Canada (Canada Central): https://login.cac1.pure.cloud/saml
      • EU (Frankfurt): https://login.mypurecloud.de/saml
      • EU (Ireland): https://login.mypurecloud.ie/saml
      • EU (London): https://login.euw2.pure.cloud/saml
      • Asia Pacific (Seoul): https://login.apne2.pure.cloud/saml
      • Asia Pacific (Sydney): https://login.mypurecloud.com.au/saml
      • Asia Pacific (Tokyo): https://login.mypurecloud.jp/saml
    Entity ID | Type a unique string to use as the Entity ID, for example: mypurecloud.com/ping
    Single Logout Binding Type | Click Redirect.
    Signing Algorithm | From the list, select RSA_SHA256.
  6. In the SSO Attribute Mapping screen, add these attributes.

    For this attribute… Do this…
    OrganizationName

    1. Type your Genesys Cloud organization short name.
    2. Select the As Literal check box.
    3. Select the Required check box.

    SAML_SUBJECT Type Email.
    ServiceName

    (Optional) A valid URL for the browser to be redirected to after successful authentication, or one of the following keywords:

    • directory (redirects to the Genesys Cloud Collaborate client)
    • directory-admin (redirects to the Genesys Cloud Admin UI)
  7. Click Save and Publish.

Get the certificate for Genesys Cloud configuration

  1. In the My Applications tab, click the Genesys Cloud application name to view the application details.
  2. Next to Signing Certificate, click Download.
  3. Open the certificate file with a plain text editor and do the following steps:
    1. Delete the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
    2. Save the certificate file.
Note: You can also download the SAML Metadata file at this time.

Configure Genesys Cloud

      1. In Genesys Cloud, click Admin.
      2. Under Integrations, click Single Sign-on.
      3. Click the Ping Identity tab.
      4. Enter the Identity Provider metadata gathered from PingOne.
        In this field… Do this…
        Certificate

        1. Click Browse.
        2. Select the certificate you saved and click Open.

        Issuer URI

        1. In PingOne admin, click the My Applications tab to view the application details for your Genesys Cloud application.
        2. Download the SAML Metadata file and open it in a text editor.
        3. Copy and paste the entityID, for example, https://pingone.com/idp/mypurecloud

        Target URI

        1. Type this string: https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=
        2. In the application details for your Genesys Cloud application, find the idpid.
        3. Copy the idpid and paste it at the end of the string, for example: https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=fa60b90a-5b95-487c-807c-965de1f5db95

        Relying Party Identifier

        1. In the application details for your Genesys Cloud application, find the entityID.
        2. Copy and paste the entityID, for example: mypurecloud.com/ping

        Note: The entityID in the SAML Metadata file and the entity ID in the application details for your Genesys Cloud application have different values and functionality.
      5. Click Save.
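
Added example (not part of the original Genesys or Ping Identity documentation): a Python check that performs the certificate step and derives the Issuer URI and Target URI described above, then confirms that the downloaded signing certificate is the same one published in the SAML Metadata file. Assumptions: the metadata carries the signing certificate in a ds:X509Certificate element under IDPSSODescriptor, as standard SAML 2.0 metadata does, and the idpid contains only letters, digits and hyphens as in the example above; the function names and sample inputs are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
TARGET_BASE = "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid="

def strip_pem_armor(pem_text):
    """Drop the BEGIN/END lines and line breaks; fail if the rest is not base64."""
    lines = (line.strip() for line in pem_text.splitlines())
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    base64.b64decode(body, validate=True)  # raises binascii.Error on stray text
    return body

def sha256_fingerprint(b64_body):
    """SHA-256 over the decoded certificate bytes, for out-of-band comparison."""
    return hashlib.sha256(base64.b64decode(b64_body)).hexdigest()

def genesys_sso_fields(metadata_xml, idpid, pem_text):
    """Collect the values the Genesys Cloud Ping Identity tab asks for."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML metadata EntityDescriptor")
    # Assumption: idpid uses only letters, digits and hyphens (see lead-in).
    if not re.fullmatch(r"[A-Za-z0-9-]+", idpid):
        raise ValueError("unexpected characters in idpid")
    cert = strip_pem_armor(pem_text)
    node = root.find("md:IDPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS)
    meta_cert = "".join(node.text.split()) if node is not None and node.text else None
    return {"issuer_uri": root.get("entityID"),
            "target_uri": TARGET_BASE + idpid,
            "certificate": cert,
            "fingerprint": sha256_fingerprint(cert),
            "matches_metadata": meta_cert == cert}

# Constructed sample inputs (the bytes are not a real certificate).
SAMPLE_B64 = base64.b64encode(b"constructed sample, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="https://pingone.com/idp/mypurecloud"><md:IDPSSODescriptor
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing">
  <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate></ds:X509Data>
  </ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    idpid = "fa60b90a-5b95-487c-807c-965de1f5db95"  # example idpid from the steps above
    for name, value in genesys_sso_fields(SAMPLE_METADATA, idpid, SAMPLE_PEM).items():
        print(f"{name}: {value}")
```

A matches_metadata value of False means the uploaded file and the metadata disagree on the signing certificate, which should be resolved before saving the configuration.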