Skip to content

Commit 9750ea7

Browse files
committed
feat: Add implementation for docs
Signed-off-by: jdiaconu <jdiaconu@cisco.com>
1 parent 792e041 commit 9750ea7

1 file changed

Lines changed: 62 additions & 0 deletions

File tree

docs/docs/idp.md

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -180,3 +180,65 @@ Follow these steps to configure and register your Identity Provider:
180180
- If you need to discard the entered information and cancel the creation process, click the **Cancel** button.
181181

182182
![Register Issuer With Ory Success](/img/register-issuer-ory-done.png)
183+
184+
## Connecting Ping Identity as an Identity Provider
185+
186+
This guide specifically details the process for configuring [Ping Identity](https://www.pingidentity.com/) (PingOne) as an Identity Provider.
187+
188+
### Prerequisites
189+
190+
Before you begin the Identity Provider connection process, ensure you have the following:
191+
192+
- **Access to AGNTCY Identity Service:** You must have an administrator role or sufficient permissions within the AGNTCY Identity Service application to access the Settings and connect Identity Providers.
193+
- **PingOne Account:** An active [PingOne](https://www.pingidentity.com/en/platform/pingone.html) account is required.
194+
- **PingOne Application Details:** You must have a worker application configured within your PingOne environment. From this application, you will need to retrieve:
195+
- Your PingOne **Environment ID**
196+
- The **Client ID** for your worker application
197+
- The **Client Secret** for your worker application
198+
- The **Region** where your PingOne environment is hosted (e.g., `com`, `eu`, `asia`)
199+
200+
:::tip[NOTE]
201+
You can follow the [PingOne documentation](https://docs.pingidentity.com/r/en-us/pingone/p1_add_app_worker) for detailed instructions on how to create and manage worker applications within PingOne.
202+
203+
Worker applications in PingOne are designed for server-to-server authentication using the OAuth 2.0 client credentials grant type, which is ideal for the AGNTCY Identity Service integration.
204+
:::
205+
206+
### Identity Provider Connection Steps
207+
208+
Follow these steps to configure and register your Identity Provider:
209+
210+
1. **Select Identity Provider:**
211+
212+
- On the "Identity Provider Connection" page, you will be presented with a selection of supported Identity Providers.
213+
- Carefully choose the provider you intend to integrate:
214+
- **Ping** (for Ping Identity PingOne integration)
215+
- **Critical Note:** The selection of an Identity Provider is a **one-time** action. Once saved, this choice cannot be modified later. Ensure you select the correct provider before proceeding.
216+
217+
2. **Enter Provider Details:**
218+
219+
- After selecting your desired Identity Provider (Ping Identity), the "Provider details" section will become active, prompting you for specific configuration parameters.
220+
- **Environment ID:** Enter the Environment ID from your PingOne console. This uniquely identifies your PingOne environment.
221+
- _Example:_ `abc123-def4-5678-90ab-cdef12345678`
222+
- **Region:** Specify the region where your PingOne environment is hosted. Common values are:
223+
- `com` for North America (https://auth.pingone.com)
224+
- `eu` for Europe (https://auth.pingone.eu)
225+
- `asia` for Asia Pacific (https://auth.pingone.asia)
226+
- **Client ID:** Input the Client ID from your worker application. This uniquely identifies your application within PingOne.
227+
- _Example:_ `a1b2c3d4-e5f6-7890-abcd-ef1234567890`
228+
- **Client Secret:** Provide the Client Secret from your worker application. This is a sensitive credential used for authenticating API requests. For security purposes, the input in this field will be masked (displayed as asterisks).
229+
230+
3. **Save Configuration:**
231+
- Once all required details (Environment ID, Region, Client ID, and Client Secret) have been accurately entered, click the **Save** button.
232+
- Upon successful saving, your Ping Identity provider will be registered and configured within AGNTCY Identity Service.
233+
- If you need to discard the entered information and cancel the creation process, click the **Cancel** button.
234+
235+
### PingOne Application Configuration
236+
237+
When creating your worker application in PingOne, ensure the following:
238+
239+
1. **Application Type:** Select "Worker" as the application type
240+
2. **Grant Type:** Ensure "Client Credentials" is enabled
241+
3. **Scopes:** Grant the necessary scopes for the application to manage other applications (typically administrative scopes)
242+
4. **Token Endpoint Authentication Method:** Use "Client Secret Basic" or "Client Secret Post"
243+
244+
The AGNTCY Identity Service will use this worker application to create and manage OAuth client credentials for your agentic services automatically.

0 commit comments

Comments
 (0)