The PingOne Marketplace listing enables PingOne customers to deploy 1Kosmos as a biometric passwordless authentication and identity verification solution alongside existing Ping methods.
Integration type
Marketplace
Updated
Overview
1Kosmos is listed on the PingOne Marketplace, Ping Identity's catalog of pre-built integrations for the PingOne platform. The listing makes 1Kosmos available to PingOne customers as a biometric passwordless authentication and identity verification solution that can be deployed alongside or in place of existing Ping authentication methods.
The primary integration path from the PingOne Marketplace connects 1Kosmos to PingOne DaVinci, Ping Identity's no-code identity orchestration service.
Through DaVinci, organizations can embed 1Kosmos authentication into any user journey, including employee onboarding, customer login, and step-up verification flows, using a drag-and-drop flow designer without custom code. The 1Kosmos connector for DaVinci uses OIDC to redirect users to 1Kosmos for biometric authentication and return the result to the DaVinci flow.
Organizations using other PingOne services such as PingFederate or PingAccess can also integrate with 1Kosmos via SAML 2.0. Contact your 1Kosmos or Ping Identity representative to determine the appropriate integration path based on your Ping deployment.
Prerequisites
PingOne account: Access to the PingOne Admin Console and, for DaVinci-based integration, an active PingOne DaVinci subscription.
Active 1Kosmos tenant: Community administrator access to the AdminX portal. Contact 1kosmos.com/contact if your tenant is not yet provisioned.
Ping Identity Global Technology Partner Program membership: 1Kosmos is a member of the Ping Identity partner program. The integration is supported through this partnership. Contact your Ping Identity representative if you need assistance initiating the integration.
1Kosmos mobile app installed: For authentication use cases, users must have the app on iOS or Android with biometrics enrolled before testing.
Configuration values
Values to collect from PingOne DaVinci before configuring 1Kosmos (for DaVinci integration):
Field | Where to find it |
|---|---|
Redirect URL | PingOne DaVinci → Connections → 1Kosmos connector → Edit → Redirect URL field |
Values to collect from 1Kosmos AdminX after creating the OIDC application:
Field | Where to find it |
|---|---|
Client ID | AdminX → Applications → [DaVinci OIDC app] → Client Credentials |
Client Secret | AdminX → Applications → [DaVinci OIDC app] → Client Credentials |
Authorization Endpoint | AdminX → Settings → Authorization Server → Metadata URI |
Token Endpoint | AdminX → Settings → Authorization Server → Metadata URI |
User Info Endpoint | AdminX → Settings → Authorization Server → Metadata URI |
Issuer | AdminX → Settings → Authorization Server → Metadata URI |
Integration steps
Step 1: Find the 1Kosmos listing on PingOne Marketplace
Log in to the PingOne Admin Console and navigate to the PingOne Marketplace at marketplace.pingone.com.
Search for "1Kosmos" and select the listing.
Review the available integration options. For DaVinci-based deployments, proceed with the DaVinci connector path. For other Ping products, contact your 1Kosmos representative for the appropriate configuration guide.
Step 2: Add the 1Kosmos connector in DaVinci
In PingOne DaVinci, navigate to Connections and click New Connection.
Search for "1Kosmos" and click the + icon to add the connector. Enter a name such as "1Kosmos OIDC" and click Create.
Open the connector's actions menu, select Edit, and copy the Redirect URL displayed on the connector settings screen.
Step 3: Create the OIDC application in AdminX
Log in to the AdminX portal and navigate to Applications → Add Application → OIDC → Add Integration.
Enter a name such as "PingOne DaVinci," set Grant Type to Authorization Code, and set Signing Algorithm for ID Token to RS256.
Paste the DaVinci Redirect URL into the Sign-in Redirect URIs field. Enable the
openid,email, andprofilescopes.Click Create and copy the Client ID and Client Secret from the credentials screen.
Step 4: Collect metadata endpoints from AdminX
In the AdminX portal, navigate to Settings → Authorization Server and click the Metadata URI link.
From the JSON response, copy the Authorization Endpoint, Token Endpoint, User Info Endpoint, and Issuer values. Pasting the full response into a JSON viewer makes it easier to locate each field.
Step 5: Complete the connector configuration in DaVinci
Return to the DaVinci connector settings and paste the Client ID and Client Secret from AdminX.
Enter the Authorization Endpoint, Issuer, Token Endpoint, and User Info Endpoint from the metadata response.
Set the Scope to include
openid,email, andprofile.Enable Send state with request.
Click Apply to save.
Step 6: Add the connector to a DaVinci flow
In DaVinci, open or create the flow where you want to include 1Kosmos authentication.
Add an HTTP connector node configured as an HTML Form with an email input field (property name:
email).Connect the 1Kosmos connector node to the flow. In the node configuration, select Redirect to 1Kosmos, add a
login_hintquery parameter, and set its value to the email output from the HTML Form node.Connect a completion node to handle the post-authentication response.
Step 7: Test the flow
Click the play button in DaVinci to trigger the flow.
Enter a test user's email address in the HTML Form.
Confirm the flow redirects to the 1Kosmos login portal, authentication completes successfully, and the flow returns the user to the configured completion step.
Test with a single user before enabling the flow for production.
Integration notes
The PingOne Marketplace listing and the PingOne DaVinci connector described here represent the primary integration path for PingOne customers. Organizations using PingFederate as their core federation service can also integrate with 1Kosmos via SAML 2.0 by configuring 1Kosmos as a SAML IdP adapter in PingFederate and adding PingFederate as a SAML service provider in the AdminX portal. Contact your 1Kosmos or Ping Identity representative for a PingFederate-specific configuration guide.
The login_hint parameter pre-fills the user's email in the 1Kosmos login screen, improving the flow experience for users coming from a DaVinci form.
