Strategy One

Integrate Strategy with PingOne OIDC Single Sign-On

Starting in Strategy One (September 2025), you can integrate Strategy with PingOne OIDC single sign-on (SSO).

Prerequisite

Configure OAuth Parameters: Authorization Code Workflow

Create a Data Source Using OIDC Single Sign-on as an Authentication Mode

  1. Open the Workstation window.

  2. Connect to an environment.

  3. Create an Enterprise Security Object. For more information, see Manage OAuth Enterprise Security with Identity and Access Management (IAM) Objects.

    All required information should be collected in Configure OAuth Parameters: Authorization Code Workflow.

  4. Leave the Client Secret field blank.

  5. Click Save.

  6. Click , next to Data Sources.

  7. Choose Snowflake.

  8. Expand the Default Database Connection drop-down list and choose Add New Database Connection.

  9. Expand the Driver drop-down list and choose the JDBC or ODBC driver.

  10. Enter your Server and other optional fields.

  11. Expand the Authentication Mode drop-down list and choose OIDC Single Sign-On.

  12. Expand the Authentication Service drop-down list and choose an authentication service or click Add New Authentication Service.

    For more information, see Manage OAuth Enterprise Security with Identity and Access Management (IAM) Objects.

  13. In Scope, enter the same value you defined in your Enterprise Security Object.

  14. Click Save.

  15. Type a Name.

  16. Click Save.

Create and Map Users to PingOne

  1. Open the Workstation window.

  2. Connect to an environment.

  3. In the Navigation pane, click User and Groups.

  4. In the Navigation pane, click next to All Users.

  5. In Account and Credentials, enter a Full Name, Email Address, Username, and Password, if required.

  6. In the left pane, click Privileges and add the following privileges:

    • Access data from Databases, Google BigQuery, BigData, OLAP, BI tools

    • Create and edit database instances and connections

    • Create and edit database logins

    • Create configuration objects

    • Create dataset in Workstation

    • Configure project data source

    • Monitor Database Connections

    • Use Workstation

  7. In the left pane, click Authentication.

  8. In Trusted Authenticated Request User ID, type the user's email address.

  9. Click Save.

Configure OIDC

  1. Enable OIDC Authentication for Strategy Library.

    Ensure the redirect URIs are added to Configure OAuth Parameters: Authorization Code Workflow in the Step 1 section.

  2. Enter your Client ID and Issuer. These values can be found from the Native app you created in Configure OAuth Parameters: Authorization Code Workflow.

  3. Ensure User Claim Mapping has the same values as your native app.

  4. Expand Advanced and in Scopes, add session:role-any and offline_access.

  5. Restart Web server.

Single Sign-On with OIDC

  1. Open the Workstation window.

  2. Connect to an environment.

  3. Right-click the environment and click Edit Environment Information.

  4. In Authentication Mode, select Default OIDC and click Continue.

  5. Login to your PingOne account in the dialog.

  6. Use an Administrator account to grant privileges to the new user.

    You can ignore this step if you have mapped the user to your Entra ID account and already granted privileges.

  7. In the Navigation pane, click next to Datasets.

  8. In the Project drop-down list, choose a project.

  9. Select Data Import Cube and click OK.

  10. Choose the data source you created above.

    The namespaces and tables display.