Introduction

In addition to deploying a demonstration environment that includes a basic PingFederate instance, you can configure the PingAccess for AWS solution to deploy with support for an existing PingFederate environment. You may choose this installation method for test or production deployments with a PingFederate environment that is external to your AWS VPC.

This guide is for administrators. It describes the components that the automation process expects to find configured in your PingFederate environment, how to configure those components, and how to supply information about your environment to the automation.

Variations on these PingFederate requirements exist, and in some cases it is possible to deviate from these instructions. However, this document describes a minimum configuration, so those variations are outside its scope at this time.

At a minimum, your PingFederate environment requires the following configuration steps:

  1. Install the AWS Password Credential Validator
  2. Configure the AWS PCV instance
  3. Configure a Simple Password Credential Validator Instance
  4. Create an IdP adapter
  5. Add a Persistent Grant Extended Attribute
  6. Configure default scope values
  7. Configure an Access Token Manager instance
  8. Configure an AWS PCV Resource Owner Credentials Mapping
  9. Configure an IdP adapter mapping
  10. Configure an IdP Adapter Access Token mapping
  11. Configure an AWS PCV Access Token mapping
  12. Create an OpenID Connect policy
  13. Configure the PingAccess Admin SSO OAuth client
  14. Configure the Resource Owner API Client OAuth client
  15. Create and (optionally) export a PingFederate certificate