Ping Identity (PingID) is a cloud-based authentication provider. To configure OpenID Connect (OIDC) within Appsmith using PingID as an OIDC provider, follow these steps:
{% hint style="info" %} OpenID Connect is available only in the enterprise edition for self-hosted instances, and only the Superuser of your Appsmith Instance can set up OIDC. {% endhint %}
- Log into your PingOne account (create a new account if you don’t have one) and:
- On the top left, click the Ping Identity logo.
- Select Home. You’ll see the list of environments available. Click Add Environment on the top right.
- Click on Build your own solution in the Create Environment window and choose PingOne SSO from the given options.
{% embed url="https://youtu.be/B-Vsbqkkwqg" %} Build your own Solution {% endembed %}
- Fill in the details about the environment and click on Next.
{% embed url="https://youtu.be/h8QqEhbpEPs" %} Environment Configuration {% endembed %}
- Go to Connections from the sidebar and click on Applications. Create a new Application by clicking on the + button.
- On the New application window, select Web App and choose OIDC as the connection type. Enter the application name and description (optional) on the next page.
- On the Configure window, add the Redirect URL of your Appsmith application (copied from the OIDC window in Appsmith’s Admin Settings) and click on Save and Continue.
- Use the Grant Access Resources to filter the scopes by openid resource type. Move the desired scopes to Scope Grants to give access to the resources. Click on Save and Continue.
- In the Attribute Mapping, add the OIDC attributes. Please note that only the values added in the Scope Grant will be valid here. Hit Save and Close, and your application is ready.
{% embed url="https://youtu.be/fRreXB6P0No" %} Configure Environment and Scope {% endembed %}
- Under the general section, you can see the basic information about your application. You can add multiple Redirect URLs by editing the general configurations. This allows you to use this PingID application for multiple Appsmith applications.
- Enable user access to the application from the toggle switch at the top right corner.
To continue with the OIDC setup on Appsmith, navigate to the fields on the Ping Identity configurations, and perform the actions mentioned below:
- Go to the configuration tab. Here, you’ll get all the configurations that are required to be added to your Appsmith application (Admin Settings → Authentication → OIDC).
- Configurations on PingID
- Configurations at Appsmith
The scope defines the OpenID Connect (OIDC) scopes that allow you to authorize access to user details (after a user is successfully authenticated) like name, email, profile picture, and more. Each scope maps to a set of user attributes and returns its value. Just below the JSON Web Key Set, you’ll see the Scope field:
Appsmith needs `openid` as a mandatory scope. You can add more scopes if needed, but you must ensure that the same scopes are available at Ping Identity.
Ping Identity supports static and dynamic scopes. A static scope is defined using a text value that could be an attribute name. A dynamic scope is defined using a variable name that will hold the attribute value at runtime. Ping Identity provides an exhaustive guide to configuring scopes, available on their portal.
The username attributes define the attributes used as usernames for authentication. In this field, add the attribute that your SSO provider uses for logging in.
Appsmith uses the email address as the username. Please ensure that you have added it as an attribute in the Username Attribute field. For Ping Identity, provide email as the attribute name when configuring the username attribute.
- Save the changes and restart your application by clicking the SAVE & RESTART button.
- You’ll see SIGN IN WITH OIDC SSO on Appsmith’s login screen.
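
A pre-flight check for the scope and username attribute settings described above, as an added example (not Appsmith's or Ping Identity's code): it compares the scopes entered in Appsmith with the provider's OIDC discovery metadata and confirms the ID token carries the `email` claim. The issuer URL, the sample tokens and the `preflight` helper are constructed for illustration.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def decode_claims(id_token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(discovery, appsmith_scopes, username_attr, id_token):
    """Return a list of configuration problems; an empty list means OK."""
    problems = []
    if "openid" not in appsmith_scopes:
        problems.append("scope 'openid' is mandatory")
    supported = set(discovery.get("scopes_supported", []))
    for scope in appsmith_scopes:
        if scope not in supported:
            problems.append(f"scope '{scope}' not offered by provider")
    claims = decode_claims(id_token)
    if claims.get("iss") != discovery.get("issuer"):
        problems.append("token issuer does not match provider issuer")
    if not claims.get(username_attr):
        problems.append(f"claim '{username_attr}' missing from ID token")
    return problems


# Constructed sample data: a placeholder issuer, not a real PingOne environment.
ISSUER = "https://idp.example.test/as"
DISCOVERY = {"issuer": ISSUER, "scopes_supported": ["openid", "profile", "email"]}
GOOD = make_sample_token({"iss": ISSUER, "sub": "u-1", "email": "dev@example.test"})
NO_EMAIL = make_sample_token({"iss": ISSUER, "sub": "u-1"})  # email not granted/mapped

if __name__ == "__main__":
    print(preflight(DISCOVERY, ["openid", "email"], "email", GOOD))
    print(preflight(DISCOVERY, ["openid", "profile"], "email", NO_EMAIL))
```

In a real check, the discovery document and ID token come from your own PingOne environment, and the token's signature must be verified against the JSON Web Key Set before any claim is trusted.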