--- title: Preparing to use a PingAM journey description: To use a PingAM journey, you must install PingAM and perform the additional configuration steps described in this document. component: pingam page_id: pingam:setup:pf_pingam_ik_using_pingam_journey canonical_url: https://docs.pingidentity.com/integrations/pingam/setup/pf_pingam_ik_using_pingam_journey.html revdate: October 23, 2025 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps example: Example: --- # Preparing to use a PingAM journey To use a PingAM journey, you must install PingAM and perform the additional configuration steps described in this document. ## Before you begin Complete the steps in the PingAM installation [guide](https://docs.pingidentity.com/pingam/latest/installation/preface.html). ## About this task In the PingAM admin console: ## Steps 1. If you don't have an alpha realm in your environment yet: 1. Go to **Realms** and click **New Realm**. 2. In the **Name** field, enter `alpha`. 3. Click **Use Client-Side Sessions**. 4. Click **Create** to save your configuration. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You should have an alpha realm because it's best practice to reserve the root realm for administrative operations. Learn more about configuring a realm in [create a new realm](https://docs.pingidentity.com/pingam/latest/setup/configure-realms-console.html#create-new-realm). | 2. Configure client-side sessions by completing the steps in the [configure client-side sessions](https://docs.pingidentity.com/pingam/latest/am-sessions/impl-client-based-sessions.html) procedure. 3. Enable goto and redirects for the validation service. By default, PingAM denies all goto and redirects after the sign on flow is complete. 1. In the alpha realm, go to **Services**. 2. If the **Validation Service** is not in the list of services, click **Add a Service** and in the **Choose a service type** list, select **Validation Service.** 3. In the **Valid goto URL Resources** field, enter one or more valid URL patterns to allow. ### Example: * `https://:*/*` * `https://:*/*?*` 4. Configure push authentication journeys by completing the steps in the [push authentication journeys guide](https://docs.pingidentity.com/pingam/latest/am-authentication/authn-mfa-trees-push.html). 5. (Optional) To adjust authentication session lifetimes: 1. In the alpha realm, go to **Services**, click **Session**, then click **Create**. 2. On the **Dynamic Attributes** tab, enter the desired values in the **Maximum Session Time** and **Maximum Idle Time** fields. 3. Click **Save Changes**. Learn more in [Configure authenticated session timeout settings](https://docs.pingidentity.com/pingam/latest/am-sessions/session-state-session-termination.html#auth-session-termination-config). 6. If you're using PingAM Integration Kit 1.2 or later, create an OAuth client as described in [Create a client profile](https://docs.pingidentity.com/pingam/latest/am-oauth2/oauth2-register-client.html#configure-oauth2-client-profile) in the PingAM documentation. 1. In the **Core** section, make sure to set the `write` and `back_channel_authentication` scopes. 2. In the **Advanced** section, make sure to configure the [`Client Credentials`](https://docs.pingidentity.com/pingam/latest/am-oauth2/oauth2-client-cred-grant.html) grant type, and that the **Token Endpoint Authentication Method** is using `client_secret_basic`.