---
title: Configuring Apigee for PingAccess integration
description: Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingAccess.
component: pingaccess
version: 9.0
page_id: pingaccess:agents_and_integrations:pa_configuring_apigee_for_pa_integration
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/agents_and_integrations/pa_configuring_apigee_for_pa_integration.html
revdate: August 8, 2025
section_ids:
  steps: Steps
  choose-from: Choose from:
---

# Configuring Apigee for PingAccess integration

Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingAccess.

## Steps

1. Upload the shared flow bundle.

   ### Choose from:

   * If you're using Apigee X, go to **Develop > Shared Flows** and click **Upload Bundle**. Upload the PingAuth shared flow `.zip` file, and name the shared flow `PingAuth`.

   * If you're using Apigee Edge or Apigee Private Cloud, click **[icon: plus, set=fa]Shared Flow**, then click **Upload Bundle**. Upload the PingAuth shared flow bundle `.zip` file, and name the shared flow `PingAuth`.

   ![This screen capture shows the Create a Shared Flow window with the text PingAuth entered in the Name field.](_images/kul1654895082087.png)

2. If you're using Apigee X, configure the connection to PingAccess.

   |   |                                                                                                                                                                                                                                                                                                                                                     |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | Unlike Apigee Edge, Apigee X doesn't currently support managing the configuration values stored in key value maps in the Apigee interface. You must add these configuration values to the key value map policy. The key value map is created and the configuration values are added the first time the PingAuth shared flow is executed at runtime. |

   1. Go to the PingAuth shared flow at **Develop > Shared Flows > PingAuth**.

   2. Click the **Develop** tab and examine **Revisions** to make sure you are on the latest revision.

   3. In the **Policies** panel on the left, click the **Load KVM Config** policy.

   4. In the policy editor panel, remove the comment lines above and below the `InitialEntries` element.

   5. Edit the values for `service_host_port` and `shared_secret` to match the values that you obtained in the previous procedure, [Configuring PingAccess for Apigee integration](pa_configuring_pa_for_apigee_integration.html).

   6. Click **Save**.

   ![This screen capture shows a completed Apigee X configuration. The service\_host\_port parameter is highlighted.](_images/lmv1654895621195.png)

3. If you're using Apigee Edge or Apigee Private Cloud, configure the connection to PingAccess.

   Apigee Edge stores environment-specific configuration values in key value maps so that the same policies can be used across multiple deployment environments without any changes to the policies.

   1. Go to **Environment > Key Value Maps** and click **[icon: plus, set=fa]Key Value Map**.

   2. Edit the key value map and click **Add Entry**. Use the key names `service_host_port` and `shared_secret`, and set the values to match the ones that you obtained in the previous procedure, [Configuring PingAccess for Apigee integration](pa_configuring_pa_for_apigee_integration.html).

   3. Click **Save**.

   ![This screen capture shows a completed Apigee Edge or Apigee Private Cloud configuration on the Key Value Maps tab.](_images/uvp1654895936909.png)

4. (Optional) Configure HTTPS trust for PingAccess.

   By default, the PingAuth shared flow is configured to trust the PingAccess Sideband Listener HTTPS certificates only if they're issued from a well-known CA. To trust specific HTTPS certificates for PingAccess servers:

   1. Go to the PingAuth shared flow at **Develop > Shared Flows > PingAuth**.

   2. Click the **Develop** tab and examine **Revisions** to make sure you are on the latest revision.

   3. In the **Policies** section of the **Navigator**, click the **Sideband Call** policy.

   4. In the policy editor panel, remove the comment characters surrounding the `TrustStore` element.

      ![Screen capture of the policy editor panel. The uncommented TrustStore element is highlighted.](_images/ctm1654896396516.png)

   5. Click **Save**.

   6. Go to **Environment > TLS Keystores** and click **[icon: plus, set=fa]Keystore**.

   7. Give the key store a name that helps you identify your PingAccess environment, such as `PingAccess-dev-truststore`.

   8. Click **[icon: plus, set=fa]**to add a certificate, give the certificate an alias, and upload the certificate that you obtained earlier. Click **Save**.

      ![This screen capture shows a configured TLS keystore certificate.](_images/zyi1654897005188.png)

   9. Go to **Environment > References** and click **+Reference**.

   10. In the **Name** field, enter `PingAuthTrust`.

   11. Select the key store you created earlier, then click **Save**.

       ![This screen capture shows a configured PingAuthTrust reference.](_images/kcc1654897406628.png)

5. Deploy the shared flow:

   1. Go to **Develop > Shared Flows > PingAuth**.

   2. Deploy the most recent revision of the shared flow to your environment.