You must create a PingID Application for your thingshub tenant in order to use PingID OAuth2 with thingshub. You will need the client_id, client_secret, auth_url, token_url and user_info_url that are available in the PingID Application.
Configure OAuth and register Thingshub in Google Workspace
Open https://www.pingidentity.com/en.html and sign-on with your admin account.
Applications Menu in the left panel and click on
Click on the Plus(+) icon at the top.
In the side dialog fill in Thingshub SSO in the
OIDC Web App in the Application Type option and click on SAVE.
The side-dialog will now show the Application Detail page.
Configuration tab in the Application Detail side-dialog and click on the edit(pencil) icon.
Scroll and find the Redirect URIs section in the edit configuration side-dialog and type the domain address of your thingshub tenant followed by the path /ping-id-oauth2/callback. This is the address that Google will redirect to after the authentication is complete, whether it succeeds or fails.
Click on SAVE. The Configuration tab will open up in the application details side dialog.
You will find the client_id and client_secret values under the General section in the Configuration. You can copy these values to be used in the PingID config block in the tenant configuration file.
You will also see the URLs section; click on it to expand. You will see various URLs for your Application.
The Authorization URL corresponds to the auth_url, the Token Endpoint will be token_url and the UserInfo Endpoint translates to user_info_url. You can copy all these values to be used in the PingID config block in the tenant configuration file.
Go to the Resources tab of Application Detail Side Dialog and click on the edit(pencil) icon.
openid should be pre-selected. Find and select email by clicking in the check-box. Click on SAVE.
Enable the PingID Thingshub SSO Application by sliding the bar on the top-right of the side dialog.
Enable and configure PingID OAuth2 in Thingshub
client_id: <Client ID from above>
client_secret: <Client Secret from above>
auth_url: <Authorization URL from above>
token_url: <Token Endpoint from above>
user_info_url: <UserInfo Endpoint from above>
text: "Sign-in with PingID"
enabled: The enabled flag is used to toggle ping_id_oauth2 on or off.
params: This block provides the configurations for thingshub to set
client_id: This is the ID of the thingshub application created in the PingID Admin Console, which is available in the detail of the PingID Application.
client_secret: This is the secret that PingID provides for the thingshub application during PingID application creation.
auth_url: This is the endpoint that thingshub uses to interact with PingID to get the authorization to access the user data.
token_url: This is the endpoint that thingshub uses to get access tokens by exchanging the authorization code it gets from the
user_info_url: This is the endpoint that thingshub uses to get the selected user data to be used for Thingshub users.
scopes: The scopes parameter is a list of OAuth 2.0 scopes (resources to access), allowing the user to configure multiple scopes at a time. You can put in the values you selected in the Resources tab in the detail of the PingID Application.
A scope determines the resource that Thingshub wants to access from PingID through OAuth 2.0. PingID then checks whether the Application is configured to have access to that resource. Thingshub expects the following scopes to be available:
button: The button block holds the theme for the button for PingID OAuth2 displayed on the thingshub login page.
logo: It is the base64 encoded string of the image to be displayed in the login button for PingID OAuth2. The base64 encoding should be in
text: Text is the message to be displayed in the login button for
btn_color: It sets the color of the login button for
text_color: It sets the color of the message in the text field that is to be shown in the login button for
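
The params described above can be checked before they go into the tenant configuration file, and the same values drive the OAuth 2.0 authorization-code redirect and callback. The Python below is an added example, not Thingshub or PingID code: the function names, the params block as a dict with scopes inside it, and the example.test values are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

CALLBACK_PATH = "/ping-id-oauth2/callback"  # redirect path given on this page
REQUIRED_SCOPES = {"openid", "email"}       # the two selected in the Resources tab

def check_params(params):
    """Return a list of problems in a params block (assumed parsed to a dict)."""
    problems = []
    for key in ("auth_url", "token_url", "user_info_url"):
        url = urlsplit(params.get(key, ""))
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key} must be an absolute https URL")
    for key in ("client_id", "client_secret"):
        # "<...>" catches values left as the template text shown on this page
        if not params.get(key) or params[key].startswith("<"):
            problems.append(f"{key} is empty or still a placeholder")
    missing = REQUIRED_SCOPES - set(params.get("scopes", []))
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    return problems

def authorization_request(params, tenant_base):
    """Build the browser redirect to auth_url; returns (url, state)."""
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": params["client_id"],
        "redirect_uri": tenant_base.rstrip("/") + CALLBACK_PATH,
        "scope": " ".join(params["scopes"]),
        "state": state,
    })
    return params["auth_url"] + "?" + query, state

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if path and state both match."""
    parts = urlsplit(callback_url)
    query = parse_qs(parts.query)
    state = query.get("state", [""])[0]
    if parts.path != CALLBACK_PATH or "error" in query:
        return None
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    return query.get("code", [None])[0]

BASE = "https://auth.example.test/as/"  # constructed sample values, not a real PingID environment
SAMPLE = {"client_id": "example-id", "client_secret": "example-secret",
          "auth_url": BASE + "authorize", "token_url": BASE + "token",
          "user_info_url": BASE + "userinfo", "scopes": ["openid", "email"]}
```

The redirect_uri built here has to match the value entered in the Redirect URIs section exactly, and the code returned by code_from_callback is what gets exchanged at token_url.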