Using PingOne with Central

    How to integrate Central with PingOne.


    A live IdP environment must be configured before implementing federated authentication for Central.

    See PingOne's Support Site.

    Important: You can log in with Single Sign On on the website only. The Client App does not support Single Sign On login.
    Note: Central requires SAML 2.0 for Single Sign-On authentication. SAML 1.1 is not supported.

    Set up Common Login Service as an application

    The Identity Provider must be configured to trust the Common Login Service (CLS) as a Service Provider. CLS is GoTo's own shared authentication service that provides single login experience for GoTo products and services on every platform.

    You must add CLS as an application in Ping Identity to allow a trust relationship to be established between your network and the host.

    1. Log into your Ping Identity account at
    2. On the Applications tab, go to My Applications and select Add Application.
    3. Input all data in the Application Details wizard.
      Option Description
      Field Input or Action
      Application Name Enter a unique name for CLS
      Application Description Enter a description for CLS (optional)
      Graphics Upload a logo for the CLS application (optional)
    4. Click Continue to Next Step.

      The Application Configuration screen is displayed.

    Configure CLS connection

    From PingOne's Application Configuration screen the CLS connection must be configured

    1. Select the I have the SAML configuration option.
    2. Input all data in the Application Configuration wizard as shown in the table below. If not specified, leave the other configuration fields empty.
      Field Input
      Protocol Version SAML v2.0
      Assertion Consumer Service (ACS)
      Entity ID
      Important: Must be unique across all applications.
      Application URL
    3. Click Continue to Next Step.

      The SSO Attribute Mapping screen is displayed.

    Configure CLS attributes

    From the SSO Attribute Mapping screen, a unique identifier attribute must be configured. The identifier represents the shared identifier between the IdP and the host, allowing users to access services.

    Note: The identifier can include any string value.
    1. Add the following attributes in the SSO Attribute Mapping wizard by clicking Add new attribute. Leave the As Literal and Required options unchecked.
      Application Attribute Identity Bridge Attribute or Literal Value
      Email Email Address
      FirstName First Name
      LastName Last Name
    2. Once all attributes are added, click Save & Publish.

      The Review Setup screen is displayed.

    Provide Information to GoTo

    Once the IdP configuration is complete, you must provide the information to GoTo.

    If you do not have an account representative, please contact us by selecting Contact Support in this article.

    1. On the Review Setup screen, download the following files and send them to your GoTo representative.
      Information Instructions
      Certificate The X.509 certificate used to encrypt and sign SAML 2.0 assertions.
      SAML Metadata The metadata document describing the endpoint addresses for communication.

      Once your GoTo representative has configured the SAML 2.0 connection using the information provided, your users gain access to the appropriate account and permissions via the IdP as the authentication source. It may take up to 30 minutes for the SSO service to be established for the first time.

      Tip: To test the service, go to the CLS application on the Connections page at
    Article last updated: 19 October, 2022