The customer team have been asked if we support Ping Identity.
In theory it should work since it supports OIDC, however we need validation
 
Have we done any testing or reference architectures with Ping Identity (and also I'd guess OKTA would be interesting also).
 
I don't think we test with any of them. Looked around and found nothing.

https://github.com/openshift/oauth-server/search?q=oidc
https://github.com/openshift/origin/search?q=oidc&type=code
 
We would be able to claim general OIDC support if
https://issues.redhat.com/browse/MSTR-1093 wasn't getting pushed every
release. Until then, the provider must not include ":" and "/" in their
`sub` claims. We do not know whether Ping Federate or Okta do
that, although I think we only had these issues with ADFS so far. It
might be that some configurations of Ping or Okta would still go for the
URL schema or something resembling it, which would end up in breaking
authentication to those IdPs.
 
If we are supporting OIDC within the product we should be validating the market leaders.
Okta and Ping would be my top two, but taking a look at the Gartner MQ (attached)

Requirements

Test with Okta, Ping Identity and Microsoft to produce blog, reference architectures, samples.