This tutorial demonstrates how to integrate Criipto Verify with PingFederate. The following steps are required to complete your first login:
In the following you will be configuring first Criipto Verify, then PingFederate, and then back to finalizing the configuration in Criipto Verify.
The final step in this excercise is needed because of a catch-22 between the requirements of the configuration steps on the two platforms, respectively:
which is a bit of a chicken-and-egg-problem, unfortunately. We suggest that you break the deadlock by configuring a temporary (bogus) callback URL in the first step in Criipto Verify, and then replace it with the actual value available after the authentication source is created.
As the setup requires some switching back-and-forth between Criipto and PingFederate's respective management dashboards, we recommend that you have them open simultaneously to make the process fairly smooth.
Once configured you may test that everything works from PingFederate's
First, you must register your PingFederate tenant as an application in Criipto Verify.
Once you register your PingFederate tenant, you will also need some of the information for configuring PingFederate to communicate with Criipto Verify. You get these details from the settings of the application in the dashboard.
Specifically you need the following information to integrate with PingFederate:
Click the Save button - and a popup will appear after a little while with your client secret. Make a copy of it (preferably by pasting it directly into your PingFederate authentication source configuration).
The application details pane will be hidden automatically - you can expand it again by clicking anywhere on the line item with the name of your new application (in this article, that would be
On the dashboard of your PingFederate tenant, go to the
Authentication tab and click on the
IdP Connections tile
Click the Create Connection button and choose
BROWSER SSO PROFILES in
Connection Type and then
OpenID Connect in the
Click the Next button, choose
BROWSER SSO in
Click the Next button, enter your specific Domain authority in the
ISSUER field and click the Load Metadata button
Give the connection a recognizable name, copy-paste the Client ID and Client secret values from your Criipto Verify application
Click the Next button and then click the Configure Browser SSO button
NO MAPPING for the
Click the Next button and add the claim types that you want to consume in the
You can find the available claim types here.
Click the Save button and the callback URL you need to finalize the Criipto Verify application configuration is displayed - in PingFederate terms, though, the callback URL is called a
Expand the details of the application configuration if you haven't already done so in the first step.
Replace the temporary callback URL (from step 1,
https://example.com in this article) in your Criipto Verify application with the actual value now available from your PingFederate authentication source configuration (the value of the
Redirect URI above)
and click the Save button.
If you plan on using single-signon, you must also register your PingFederate
post_logout_redirect_url here so you can run single-logouts.
How to integrate your application with PingFederate depends on the technology you are working with. Refer to the PingFederate developer documentation for more details.
If you want to use pass-through of
login_hint values sent from your own application to Criipto Verify via PingFederate, you must enable it via a
Policy in your
IDP AUTHENTICATION POLICIES.
If you haven't already done so, create a
Policy Contract with the attributes you wish to consume
Then create a
Policy for your
IdP Connection to Criipto Verify and set the
Incoming User ID to be sourced from
Context and use the
Requested User value.
Leveraging these features makes you authentication source setup in PingFederate as simple as possible - you just need to register Criipto Verify once, and reuse it for all the e-ID methods you need to consume.