PingOne
The PingOne cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as an OIDC identity provider.
-
In your PingIdentity environment, go to Connections > Applications.
-
Select Add Application.
-
Enter an Application Name.
-
Select OIDC Web App and then Save.
-
Select Resource Access and add the email and profile scopes.
-
In the Configuration tab, select General.
-
Copy the Client ID, Client Secret, and Environment ID to a safe place. These IDs will be used in a later step to add PingOne to Cloudflare One.
-
In the Configuration tab, select the pencil icon.
-
In the Redirect URIs field, enter the following URL:
https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callbackYou can find your team name in Cloudflare One ↗ under Settings > Team name.
-
Select Save.
- In Cloudflare One ↗, go to Integrations > Identity providers.
- Under Your identity providers, select Add new identity provider.
- Select PingOne.
- Input the Client ID, Client Secret, and Environment ID generated previously.
- (Optional) Enable Proof of Key Exchange (PKCE) ↗. PKCE will be performed on all login attempts.
- (Optional) To enable SCIM, refer to Synchronize users and groups.
- (Optional) Under Optional configurations, enter custom OIDC claims that you wish to add to your users' identity.
- Select Save.
You can now test your connection and create Access policies based on the configured login method.
{ "config": { "client_id": "<your client id>", "client_secret": "<your client secret>", "ping_env_id": "<your ping environment id>" }, "type": "ping", "name": "my example idp"}Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark