The PingOne® cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as an OIDC identity provider.
Set up PingOne as an OIDC provider
- In your PingIdentity environment, navigate to Connections > Applications.
- Select Add Application.
- Enter an Application Name.
- Select OIDC Web App and then Save.
- Select Resource Access and add the email and profile scopes.
- In the Configuration tab, select General.
- Copy the Client ID, Client Secret, and Environment ID to a safe place. These ids will be used in a later step to add PingOne to Zero Trust.
- In the Configuration tab, select the pencil icon.
- In the Redirect URIs field, enter your team domain and select Save.
- In Zero Trust, navigate to Settings > Authentication.
- Under Login methods, select Add new.
- Select PingOne.
- Input the Client ID, Client Secret, and Environment ID generated previously.
- (Optional) Enable Proof of Key Exchange (PKCE). PKCE will be performed on all login attempts.
- Select Save.
You can now test your connection and create Access policies based on the configured login method.