This guide walks you through integrating Ping Identity (PingOne) Single Sign-On with Axya. Once configured, your users can log in to Axya using their existing Ping Identity credentials.
Send the following information to Axya's security team at security@axya.co:
| Information | Description |
|---|---|
| User domain name | The email domain used for SSO (e.g., user@yourcompany.com) |
| IdP Entity ID | The Ping Identity Issuer / Entity ID for the application |
| SSO URL | The Single Sign-On Service URL from Ping Identity |
| Signing Certificate | The X.509 signing certificate from Ping Identity |
| Test account | A test user with valid Ping Identity credentials for Axya to validate the SSO flow |
| Information | Description |
|---|---|
| User domain name | The email domain used for SSO (e.g., user@yourcompany.com) |
| Client ID | The Client ID assigned to the Axya application |
| Client Secret | The Client Secret generated for the Axya application |
| Issuer URL | The PingOne environment Issuer URL (e.g., https://auth.pingone.com/{environmentId}/as) |
| Test account | A test user with valid Ping Identity credentials for Axya to validate the SSO flow |
If you selected SAML Application in Step 1:
If you selected OIDC Web App in Step 1:
openid, email, and profile are selected.In the Axya application, go to the Attribute Mappings tab.
Ensure the following attributes are mapped:
| PingOne attribute | Application attribute |
|---|---|
| Email Address | email |
| Given Name | firstName |
| Family Name | lastName |
Click Save.
Important: The application must be enabled and users must be part of an assigned group or population. Otherwise, they will not be able to authenticate through SSO.
Email the following to security@axya.co:
For SAML 2.0:
For OIDC:
The Axya security team will configure the SSO connection and provide the ACS URL, Entity ID, or Redirect URI if not already shared.
"Application is not enabled" or blank screen after login
The Axya application may not be toggled to Enabled in PingOne. Go to Connections > Applications, find the Axya app, and ensure the toggle is set to Enabled.
"User is not authorized" error
The user is not part of a group or population assigned to the Axya application. Check the Access tab and ensure the user's group is assigned.
"Invalid redirect URI" error (OIDC)
The Redirect URI in PingOne does not match what Axya expects. Contact security@axya.co to confirm the correct Redirect URI and update it in the application configuration.
Certificate or signature validation error (SAML)
The signing certificate may have been rotated in PingOne. Download the current certificate from the Configuration tab and send it to security@axya.co.
Note: This guide covers the general PingOne SSO setup. Configuration steps may vary depending on your Ping Identity product (PingOne, PingFederate) and plan. Refer to the official Ping Identity documentation for the most current instructions.
For assistance, contact the Axya security team at security@axya.co.