---
title: Configuring PingFederate for user-initiated single logout
description: Configure PingFederate to provide PingAccess with access to the PingFederate-managed session.
component: pingaccess
version: 9.0
page_id: pingaccess:configuring_and_customizing_pingaccess:pa_configuring_pf_for_user_initiated_slo
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/configuring_and_customizing_pingaccess/pa_configuring_pf_for_user_initiated_slo.html
revdate: May 6, 2024
section_ids:
  steps: Steps
  choose-from: Choose from:
  choose-from-2: Choose from:
---

# Configuring PingFederate for user-initiated single logout

Configure PingFederate to provide PingAccess with access to the PingFederate-managed session.

## Steps

1. Sign on to the PingFederate administrative console.

2. Go to **System → OAuth Settings → Authorization Server Settings**.

3. Select **Track User Sessions for Logout**.

4. Click **Save**.

5. Select an OpenID Connect policy.

   ### Choose from:

   * If you are using PingFederate 10.0 or earlier, go to **System → OAuth Settings → OpenID Connect Policy Management** and click an existing policy.

   * If you are using PingFederate 10.1 or later, go to **Applications → OAuth → OpenID Connect Policy Management** and click an existing policy.

6. On the **Manage Policy** tab, select **Include Session Identifier in ID Token**.

   For more information about configuring an OpenID Connect (OIDC) *(tooltip: \<div class="paragraph">
   \<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
   \</div>)* Policy, see [Configuring OpenID Connect Policies](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_configuring_oidc_policies.html) in the PingFederate Administrator's Manual.

7. Click **Save**.

8. Select the client to be used by PingAccess.

   ### Choose from:

   * If you are using PingFederate 10.0 or earlier, go to **System → OAuth Settings → Client Management** and select the client to be used by PingAccess.

   * If you are using PingFederate 10.1 or later, go to **Applications → OAuth → Clients** and select the client to be used by PingAccess.

9. In the **OpenID Connect** section of the client's configuration page, select **PingAccess Logout Capable**.

   |   |                                                                                                                              |
   | - | ---------------------------------------------------------------------------------------------------------------------------- |
   |   | If this option is not available, ensure that the **Track User Sessions for Logout** setting change made in step 3 was saved. |

10. Click **Save**.