Enable IdP-initiated SSO login for PingOne

In Opti ID, you can configure identity provider (IdP)-initiated login. This lets users log in to Opti ID with your organization's single sign-on (SSO) without having to re-enter their email on the Opti ID login page (https://login.optimizely.com) or re-authenticate if they are already logged in.

After you configure the IdP-initiated login, if users are already logged in with your organization's SSO provider when they navigate to Opti ID, they are redirected to the Opti ID home dashboard without the need to log in again (https://home.optimizely.com). This provides a more seamless login experience to Optimizely.

Prerequisites

• PingOne account with an active subscription
• Configure the SAML or OIDC SSO connection in your IdP.
  • Configure SAML SSO with PingOne.
  • Configure OIDC SSO with PingOne.
• If you want to automatically provision users who log in with a specific domain, you must configure organizational domains before enabling IdP-initiated SSO login.

Configure IdP-initiated SSO login

These instructions are for both OpenID Connect (OIDC) and Security Assertion Markup Language (SAML) SSO integrations with Opti ID and Okta.

If you have multiple SSO connections that you want to configure this for, repeat these instructions for each SSO connection. If you remove and recreate an SSO connection that already has IdP-initiated login configured, you must update the IdP-initiated URL in your IdP.

Copy your IdP-initiated URL from Opti ID

1. Go to Settings > SSO in the Opti ID Admin Center.
2. Select the SSO connection for which you want to configure the IdP-initiated SSO login.
3. Copy the IDP-Initiated URL.

Add the IdP-initiated URL in PingOne

If you have an SSO integration with Opti ID and PingOne, complete the following steps to configure the IdP-initiated SSO login.

1. Go to Application > Application Portal.
2. Click the + in the Links section. The Add Link window displays.
3. Complete the following profile details:
   • Link Name – Enter a name for the link that displays in the application portal.
   • (Optional) Description – Enter a brief description of the link.
   • (Optional) Icon – Upload an image that will display for this app in the application portal. The max file size is one MB, and the file must be in JPG, JPEG, GIF, or PNG format. You can use the following Optimizely logo to easily identify this app as the Optimizely login.

     

   • URL – Enter the IdP-initiated URL you copied from the Opti ID Admin Center.

     

4. Click Save.

PingOne application portal

After you complete this configuration and ensure your app is set as visible, it displays in the PingOne application portal to all users or groups you have assigned it to.

When users click the Opti ID application tile, they automatically authenticate with Opti ID and are redirected to the Opti ID home dashboard.

For information on accessing the PingOne application portal, see PingOne's documentation.