PingOne

PingOne, a renowned cloud-based identity and access management (IAM) solution provided by Ping Identity, offers secure single sign-on (SSO) capabilities, multi-factor authentication (MFA), and user provisioning features. By integrating PingOne with Remote Desktop Manager, organizations can leverage these robust security features directly within their remote desktop management environment.

Required applications

In PingOne, permissions are assigned based on the type of application. For a worker, permissions come from predefined roles, while permissions for all other types of apps come directly from the user. For PingOne we need two applications unlike Azure or Okta.

Worker application

This application is used to find users and groups from the directory.

Worker application
Worker application

Required roles

Both Environment Admin and Identity Admin roles are required.

Required roles
Required roles

Required configuration settings

The following are the required configuration settings in PingOne.

Devolutions Server Worker – Edit Configuration
Devolutions Server Worker – Edit Configuration

Authentication app

Here are the required configuration settings for the application used to authenticate a user to our system using their PingOne identity. The required configuration settings are located in the Overview tab.

The basic URL for the worker application is api.pingone.[com, ca, eu, asia]/v1. Note that the URL depends on where PingOne is deployed.

Devolutions Server Authentication – Edit configuration
Devolutions Server Authentication – Edit configuration

Devolutions Server Authentication – Edit configuration
Devolutions Server Authentication – Edit configuration

PingOne authentication settings in Devolutions Server

In Devolutions Server web interface, go to Administration – Server Settings – Authentication. Check Authenticate with PingOne user and click PingOne authentication.

Authentication – Authenticate with PingOne user – PingOne authentication
Authentication – Authenticate with PingOne user – PingOne authentication

The following is a description of the authentication settings for PingOne in Devolutions Server.

PingOne authentication settings
PingOne authentication settings

General

SETTINGS DESCRIPTION
Display Name The name displayed in the PingOne dashboard for identifying an application or resource.
Environment ID A unique identifier assigned by PingOne to differentiate between specific operational environments (e.g., development, testing, production).

Authentication configuration

SETTINGS DESCRIPTION
Domain The domain used in authentication processes, often reflecting the organization's primary internet domain, to identify the organization in PingOne.
Client ID A unique identifier provided by PingOne for an application, facilitating OAuth 2.0 authentication by distinguishing it from others.
Client Secret A secret key given by PingOne, used with the Client ID for OAuth 2.0 authentication, ensuring secure access to the application.

Synchronize users and groups

SETTINGS DESCRIPTION
Domain The internet domain associated with the organization for user and group synchronization purposes, typically the organization's email domain. The URL is api.pingone.[com, ca, eu, asia]/v1. Note that the URL depends on where PingOne is deployed.
Client ID An identifier for the application or service used by PingOne for managing user and group synchronization processes.
Client Secret A secret key used alongside the Client ID to securely sync users and groups between the organization's directory services and PingOne.
Test Connection Test and verify that the settings for user and group synchronization are correctly configured and operational with PingOne.

Automatic user creation

SETTINGS DESCRIPTION
Auto Create on First Login Enables the automatic creation of user accounts in PingOne when they log in for the first time.
User Type Specifies the role or permissions for users automatically created upon their first login, affecting their access within the PingOne ecosystem.
Only from this group Limits the automatic creation of user accounts to individuals who are members of a particular group.
Devolutions Forum logo Give us Feedback