Ping Identity (PingOne SSO)


Achieve a truly frictionless login experience with YooniK Single Sign-On (SSO). To login with YooniK, you need a username and a selfie, and that’s it! No more passwords to worry about.

This guide details the required steps to setup YooniK as an external identity provider in Ping Identity (PingOne SSO instance).

With this integration you can easily add a passwordless login option for all your PingOne enabled apps using YooniK SSO.

Prerequisites

  1. A PingOne SSO account. Sign up for a free trial here.
  2. A PingOne application that you want to add authentication to.
  3. Send an e-mail to support@yoonik.me requesting a SSO PingOne integration account and provide your app name. You will receive a unique identifier for the registered app and also a secret (Client ID and Client Secret). Make note of these values, you will need them later.

Add the YooniK SSO Integration

To integrate YooniK SSO with your PingOne instance, follow the steps below.

  1. From your PingOne admin console click on Connections > External IDPs.
  2. Click on the Add Provider button.
  3. In the identity provider selection screen, select the custom option OPENID CONNECT.
  4. Fill in the profile details:
    • NAME - Enter a name for this connection (e.g. "YooniK").
    • DESCRIPTION - Provide a description for this connection (e.g. "YooniK SSO Face Authentication").
    • ICON - You can download the YooniK icon here.
  5. Click Continue.
  6. Fill in the connection details:
    • CLIENT ID - Paste the Client ID received from YooniK.
    • CLIENT SECRET - Paste the Client Secret received from YooniK.
    • CALLBACK URL - Please make note of this URL and share it with YooniK.
    • DISCOVERY DOCUMENT URI - https://accounts.yoonik.me/.well-known/openid-configuration.
      • Click on the Use Discovery Document button to populate OIDC endpoints.
    • REQUESTED SCOPES - Enter “openid profile email”.
    • TOKEN ENDPOINT AUTHENTICATION METHOD - Select the Client Secret Post option.
  7. Click Save and Continue.
  8. Configure Attribute mapping between PingOne and YooniK:
    • PingOne Username - Map to providerAttributes.preferred_username.
    • PingOne Email Address - Map to providerAttributes.email.
  9. Click Save and Finish.
  10. Enable the YooniK identity provider connection we just created by toggling the button in the upper right corner of the connection window.
  11. Add YooniK as a login option to your apps:
    1. In the admin console sidebar, click on Experiences > Authentication.
    2. Expand the Single_Factor section and click the pencil button to edit it.
    3. Add YooniK in the PRESENTED IDENTITY PROVIDERS field.
    4. Click Save and it is done!.

Enroll users

Users can enroll with YooniK by signing up here using the same e-mail address as in their PingOne login. This way, we can link both YooniK and PingOne accounts with the user e-mail.

After the e-mail is confirmed, it will be available through the OIDC email claim.

Troubleshooting

If you find any issues or need help with the setup please contact us or join us at our discord community.