Ping Identity (PingOne SSO)


Achieve a truly frictionless login experience with Youverse Single Sign-On (SSO). To login with Youverse, you need a username and a selfie, and that’s it! No more passwords to worry about.

This guide details the required steps to setup Youverse as an external identity provider in Ping Identity (PingOne SSO instance).

With this integration you can easily add a passwordless login option for all your PingOne enabled apps using Youverse SSO.

Prerequisites

  1. A PingOne SSO account. Sign up for a free trial here.
  2. A PingOne application that you want to add authentication to.
  3. Send an e-mail to support@youverse.id requesting a SSO PingOne integration account and provide your app name. You will receive a unique identifier for the registered app and also a secret (Client ID and Client Secret). Make note of these values, you will need them later.

Add the Youverse SSO Integration

To integrate Youverse SSO with your PingOne instance, follow the steps below.

  1. From your PingOne admin console click on Connections > External IDPs.
  2. Click on the Add Provider button.
  3. In the identity provider selection screen, select the custom option OPENID CONNECT.
  4. Fill in the profile details:
    • NAME - Enter a name for this connection (e.g. "Youverse").
    • DESCRIPTION - Provide a description for this connection (e.g. "Youverse SSO Face Authentication").
    • ICON - You can download the Youverse icon here.
  5. Click Continue.
  6. Fill in the connection details:
    • CLIENT ID - Paste the Client ID received from Youverse.
    • CLIENT SECRET - Paste the Client Secret received from Youverse.
    • CALLBACK URL - Please make note of this URL and share it with Youverse.
    • DISCOVERY DOCUMENT URI - https://accounts.youverse.id/.well-known/openid-configuration.
      • Click on the Use Discovery Document button to populate OIDC endpoints.
    • REQUESTED SCOPES - Enter “openid profile email”.
    • TOKEN ENDPOINT AUTHENTICATION METHOD - Select the Client Secret Post option.
  7. Click Save and Continue.
  8. Configure Attribute mapping between PingOne and Youverse:
    • PingOne Username - Map to providerAttributes.preferred_username.
    • PingOne Email Address - Map to providerAttributes.email.
  9. Click Save and Finish.
  10. Enable the Youverse identity provider connection we just created by toggling the button in the upper right corner of the connection window.
  11. Add Youverse as a login option to your apps:
    1. In the admin console sidebar, click on Experiences > Authentication.
    2. Expand the Single_Factor section and click the pencil button to edit it.
    3. Add Youverse in the PRESENTED IDENTITY PROVIDERS field.
    4. Click Save and it is done!.

Enroll users

Users can enroll with Youverse by signing up here using the same e-mail address as in their PingOne login. This way, we can link both Youverse and PingOne accounts with the user e-mail.

After the e-mail is confirmed, it will be available through the OIDC email claim.

Troubleshooting

If you find any issues or need help with the setup please contact us or join us at our discord community.