Skip to main content
Skip table of contents

Configuring PingID Oauth2

You must create an PingID Application for your thingshub tennat in order to use PingID OAuth2 with thingshub. You will need the client_id, client_secret, auth_url, token_url and user_info_url that are available in the PingID Application.

Configure Oauth and register Thingshub in Google Workspace

  1. Open https://www.pingidentity.com/en.html and sign-on with your admin account.

  2. Go to Applications Menu in the left panel and click on Applications.

  3. Click on the Plus(+) icon at the top.

  4. In the side dialog fill in Thingshub SSO in the Application Name field.

  5. Select OIDC Web App in the Application Type option and click on SAVE.

  6. The side-dialog will now show the Application Detail page.

  7. Go to Configuration tab in the Application Detail side-dialog and click on the edit(pencil) icon.

  8. Scroll and find the Redirect URIs section in the edit configuration side-dialog and type the domain address of your thingshub tenant followed by the path /ping-id-oauth2/callback. This is the address that Google will redirect to after the authentication is complete, be it successful or failure.
    (Eg: https://foo-bar.thingshub.smartmakers.de/ping-id-oauth2/callback)

  9. Click on SAVE. The Configuration tab will open up in the application details side dialog.

  10. You will find the client_id and the client_secret values under the General section in the Configuration. You can copy these values to be used in the PingID config block in the tenat configuration file.

  11. You will also see URLs section; click on it to expand. You will see various URLs for your Application.

  12. The Authorization URL corresponds to the auth_url, the Token Endpoint will be token_url and the UserInfo Endpoint translates to user_info_url. You can copy all these values to be used in the PingID config block in the tenat configuration file.

  13. Go to the Resources tab of Application Detail Side Dialog and click on the edit(pencil) icon.

  14. openid should be pre-selected. Find and select email by clicking in the check-box. Click on SAVE.

  15. Enable the PingID Thingshub SSO Application by sliding the bar on the top-right of the side dialog.

 

Enable and configure PingID OAuth2 in Thingshub

CODE 
global:
  domain: foo.bar.com
  tenant_mode: trackinghub

...

  identity_providers:
    ping_id_oauth2:
      enabled: true
      params:
        client_id: <Client ID from above>
        client_secret: <Client Secret from above>
        auth_url: <Authorization URL from above>
        token_url: <Token Endpoint from above>
        user_info_url: <UserInfo Endpoint from above>
        scopes:
          - openid
          - email
      button:
        logo: "data:image/png;base64,iVBORw0KG........"
        text: "Sign-in with PingID"
        btn_color: "#B12B28"
        text_color: "#402306"

...

 

ping_id_oauth2 configurations:

  • enabled: The enabled flag is used to toggle ping_id_oauth2 on or off.

  • params: This block provides the configurations for thingshub to set ping_id_oauth2

    • client_id: This is the ID of the thingshub application created in the PingID Admin Console, which is available in the detail of the PingID Application.

    • client_secret: This is the secret the PingID provides for the thingshub application during PingID application creation.

    • auth_url: This is the endpoint that thingshub uses to interact with PingID to get the authorization to access the user data.

    • token_url: This is the endpoint that thingshub uses to get access tokens by exchanging the authorization code it gets from the auth_url.

    • user_info_url: This is the endpoint that thingshub uses to get the selected user data to be used for Thinshub users.

    • scopes: The scopes parameter is a list of OAuth 2.0 scopes(resources to access) allowing user to configure multiple scopes at a time. You can put in the values you selected in the Resources tab in the detail of the PingID Application.
      A scope determines the resource that Thingshub wants to access from PingID through OAuth 2.0. The PingID then sees if the Application is configured to have access for the said resource or not . Thingshub expects the following scopes to be available: "email"

  • button: The button block holds the theme for the button for PingID OAuth2 displayed on the thingshub login page.

    • logo: It is the base64 encoded string of the image to be displayed in the login button for PingID OAuth2. The base64 encoding should be in Data URI format.

    • text: Text is the message to be displayed in the login button for PingID OAuth2.

    • btn_color: It sets the color of the login button for PingID OAuth2.

    • text_color: It sets the color of the message in the text field that is to be shown in the login button for PingID OAuth2.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close