Summary

This short series of steps enables Ping admins to connect their Ping provider to Bigeye for single sign on. Upon completion, your employees will be able to login to Bigeye via Ping.

📘

Note - substitute the email domain values

Make sure to enter the same <domain> value throughout this process. The domain will be the email domain of your users such as example.com. If you have more than one domain, it is recommended to set up more than one connection inside of Bigeye.

📘

Note - your Bigeye URL may be different

If you use a Bigeye URL that is different from app.bigeye.com, please substitute your Bigeye URL while performing the steps of this configuration.


Part 1: Configure Ping to connect to Bigeye

  1. From the Ping Identity Console, go to Connections > Applications

  1. Click the + icon to create a new application

  1. Fill in the application details as follows:
  • Name: Bigeye
  • Icon: upload the Bigeye logo
  • Application Type: OIDC Web App
  1. Click Save
  2. Open the new application from the list, and click on the badge for OpenID Connect

  1. Input the following values:
  • Response Type: Check Code and Token
  • Grant Type: Check Authorization Code and Refresh Token
  • PKCE Enforcement: Optional
  • Redirect URIs: https://app.bigeye.com/sso/oidcLogin/<domain>, substituting your email domain e.g. mycompany.com
  • Token Endpoint Authentication Method: Client Secret Post
  • Initiate Login URI: https://app.bigeye.com/sso/<domain>
  1. Click Save

Part 2: Gather application information for Bigeye

  1. From the Ping Identity Console, open the entry for your Bigeye application
  2. Click on the Configuration tab
  3. Note the following information to provide to Bigeye:
  • OIDC Discovery Endpoint (this will be input into Bigeye as the Issuer URL, without the ending that starts with .well-known)
  • Client ID
  • Client Secret

Part 3: Configure Bigeye to integrate with Ping

To configure Bigeye to connect to Ping:

  1. Go to https://app.bigeye.com/settings/single-sign-on
  2. Click New Connection
  3. Set the following values:
    1. Single sign-on provider: OpenID Connect (OIDC)
    2. Domain: your email domain (e.g. example.com). After this connection is activated, all email addresses for this email domain will be forwarded to your identity provider.
    3. Connection name: your email domain (e.g. example.com). This is an identifier used by Bigeye and your identity provider when they interact.
    4. Issuer URL: this is the URL that provides information about your OpenID Connect endpoints and which parameters are accepted. This URL should be accessible over the network that connects to Bigeye. Bigeye will append .well-known/openid-configuration to the URL you provide.
    5. Client ID and Client Secret as configured by your identity provider
  4. Click Save

Once the connection is saved, all logins for the domain specified will be validated by your identity provider. We highly recommend doing the following to verify your connection:

  1. Log in inside of another browser to verify that you can log in. If you are not able to log in, you may delete the Single Sign-on Connection inside of Bigeye to prevent other users from being locked out.
  2. Verify in your identity provider that the correct users are added to the applicable membership groups for Bigeye.
Configuration dialog for a new single sign-on connection

Configuration dialog for a new single sign-on connection