Skip to content

Configure SSO OIDC with Ping Identity for your organization

From version 1.41, Lightrun supports Single Sign-On (SSO) with OIDC (OpenID Connect protocol) using Ping Identity as your identity provider (IdP). Using OIDC, Lightrun functions as a service provider, receiving user authentication information from Ping Identity, which serves as the external identity provider. When SSO is enabled, Lightrun delegates authentication requests to the customer's IdP and grants users access to Lightrun in accordance with the IdPs response.

Once you have set up your SSO with OIDC, proceed to create your Lightrun users in the User Management page.

The process of setting up SSO involves these main stages:

  • Setting up the Lightrun-OIDC integration in Ping Identity.
  • Configuring and enabling SSO in the Lightrun Management Portal.

Set up the Lightrun OIDC integration in Ping Identity

Step 1: Get Lightrun’s Redirection URL

  1. Log in to your Lightrun Management Portal.

  2. Navigate to the Identity and Access Management tab > Identity Configuration > Login methods.

  3. To enable SSO, click the SSO toggle.

  4. Click OIDC as your SSO Protocol.

    Set OIDC SSO

  5. From the Service Provider's Redirect URL field, click Copy.

    This serves as the redirect URL used when configuring the identity provider. Note that at this point, SSO is not enabled with OIDC in Lightrun and will be activated in the next steps.

Step 2: Set up Lightrun Application in Ping Entity

  1. Create a new application for Lightrun in Ping.

    Navigate to Connections > Applications and click the + (plus icon) to create the application.

  2. In the Redirect URIs field, paste the URL you copied from the Lightrun SSO settings.

  3. Click Edit.

    The Edit Configuration page opens.

  4. Click the Protocol OpenID Connect and validate that the Token Endpoint Authentication Method is set to Client Secret Post.

  5. Click Save.

Step 3: Get Ping’s Identity Provider’s parameters

  1. In Ping Identity Management Portal, in the application, click the General tab and copy the values for the Client ID and Client Secret to be pasted in the Lightrun Management Portal.

    Lightrun application in Ping

  2. Proceed to click the Configuration tab and open the URLs tab.

    This page contains the relevant URLs that will need to be placed in the Lightrun Management Portal for the SSO configuration.

  3. Copy the OIDC Discovery Endpoint to the clipboard to be placed in the SSO page in the Lightrun Management Portal.

    Ping Configuration page

Proceed to configure the Lightrun OIDC settings in the Lightrun Management Portal.

Step 4: Set up SSO OIDC Ping in Lightrun

  1. Log in to the Lightrun Management Portal.
  2. Navigate to Identity and Access Management > Identity Configuration > Login methods.
  3. To enable SSO, click the SSO toggle.

  4. Click OIDC.

    Paste Ping settings here

  5. Paste the following values that you copied from Ping Identity.

    • Identity Provider’s Discovery URL: The URL provided by the SSO Provider for discovery OpenID Connect configuration details.
    • Identity Provider's Client ID: The unique identifier assigned to Lightrun by Ping.
    • Identity Provider’s Client Secret: The secret key assigned to Lightrun by Ping for the OIDC authentication.

  6. Click Save.

Last update: September 17, 2024