Ping Identity

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

Identity

system_type: "ping_identity"

Integrate PingFederate or PingOne for enterprise SSO and identity federation.

Overview#

The Ping Identity connector proxies PingFederate and PingOne API calls. OAuth2 client credentials are sealed in QuantaVault. Supports user provisioning, token introspection, and SCIM operations.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1PingFederate or PingOne account with API access
2OAuth2 client credentials (client_id, client_secret) or API key

Configuration#

Follow these steps to connect Ping Identity to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
In PingOne or PingFederate, create an application with the required API scopes.
2
Seal client credentials: POST /api/v2/vault/seal with credential_type: oauth2_client.
3
Create integration with system_type: ping_identity.

Authentication Types#

PingOne uses client_credentials OAuth2. PingFederate supports both client_credentials and API key auth.

OAuth2 ClientAPI Key

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`get_user`	Retrieve a user profile.
`list_users`	List users with filter support.
`introspect_token`	Validate and inspect an access token.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_PING001","operation":"get_user","payload":{"user_id":"user-guid-001"}}'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

invalid_client error from Ping

Verify the client_id and client_secret. Ping environments have separate credentials per environment (Sandbox/Production).

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference