---
title: What can I do with PingAccess?
description: PingAccess provides a highly customizable solution to identity and access management (IAM) that allows you to control access by specifying the conditions that users must meet to access protected application and API resources.
component: pingaccess
version: 9.0
page_id: pingaccess:introduction_to_pingaccess:pa_what_can_i_do_with_pa
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/introduction_to_pingaccess/pa_what_can_i_do_with_pa.html
revdate: October 7, 2025
---

# What can I do with PingAccess?

PingAccess provides a highly customizable solution to identity and access management (IAM) that allows you to control access by specifying the conditions that users must meet to access protected application and API resources.

The upcoming PingAccess features section describes the methods that PingAccess uses to control access and perform system functions. You can find more information on how you can use PingAccess in the following resources:

* [Configuring and Customizing PingAccess](../configuring_and_customizing_pingaccess/pa_configuring_and_customizing_pa_landing_topic.html)

* [Reference Guides](../reference_guides/pa_reference_guides_landing_topic.html)

* [PingAccess User Interface Reference Guide](../pingaccess_user_interface_reference_guide/pa_ui_ref_guide.html)

The main functionality of PingAccess enables you to protect an application or application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)*. You can:

* Use PingAccess to protect the application and API resources to which client requests are forwarded.

* Partition applications for tighter access control through the use of resources.

* Customize the configuration of site authenticators and authentication requirements to suit the security needs of your organization.

* Incorporate legacy authentication mechanisms through [token mediation](pa_how_does_pa_work.html#token-mediation).

* Apply policies to define how and when a client can access target resources.

> **Collapse: PingAccess features**
>
> Customize your identity access management configuration with the following features:
>
> * Apply policies
>
>   Use policies, made up of rules, set of rules, or groups of rule sets applied to an application and its resources, to define how and when a client can access target sites. [Rules](../pingaccess_user_interface_reference_guide/pa_rules.html) are the building blocks for access control and request processing.
>
> * Backup and restore
>
>   [Backup or restore](../backing_up_and_restoring_pingaccess/pa_backing_up_and_restoring_pa.html) a PingAccess configuration with just a few clicks.
>
> * Configure a token provider
>
>   You can configure PingAccess to use PingFederate as the token provider or to use a common token provider through the OAuth *(tooltip: \<div class="paragraph">
>   \<p>A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.\</p>
>   \</div>)* 2.0 or OpenID Connect (OIDC) *(tooltip: \<div class="paragraph">
>   \<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
>   \</div>)* protocols.
>
>   * Learn more about how to configure a token provider in the PingAccess admin console in [Token provider](../pingaccess_user_interface_reference_guide/pa_token_provider.html).
>
>   * You can find more information on how to set up a connection between a token provider and PingAccess in [Token Providers](../token_providers/pa_token_providers_landing_topic.html).
>
>     |   |                                                                                                                                                                                                                                                            |
>     | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
>     |   | This section of the documentation provides information on how to configure a few common token providers as the token provider for PingAccess, while the previous link includes information on how to set up PingAccess to connect with the token provider. |
>
> * Configure administrator authentication
>
>   Allow administrators to authenticate with a simple username and password or configure them to authenticate using single sign-on (SSO) *(tooltip: \<div class="paragraph">
>   \<p>The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.\</p>
>   \</div>)* or an API in conjunction with PingFederate. Learn more in [Admin authentication](../pingaccess_user_interface_reference_guide/pa_admin_authn.html).
>
> * Configure advanced network settings
>
>   Create an [availability profile](../pingaccess_user_interface_reference_guide/pa_availability_profiles.html) to determine how you want to classify a target server as having failed, configure listener ports, define a [load balancing strategy](../pingaccess_user_interface_reference_guide/pa_load_balancing_strategies.html), or use HTTP requests to match a served resource with the originating client.
>
> * Configure logging
>
>   Capture several log types, including those for the engine, security auditing, and cookies. Store logs in Splunk, in an Oracle, PostgreSQL, or SQL Server database, or in a file. Learn more in [Log configuration](../configuring_and_customizing_pingaccess/pa_logging_configuration.html).
>
> * Configure single logout (SLO) *(tooltip: \<div class="paragraph">
>   \<p>The process of signing a user out of multiple sites where the user has started a SSO session.\</p>
>   \</div>)*
>
>   End PingAccess sessions easily when used in conjunction with PingFederate managed sessions or compatible third-party OIDC *(tooltip: \<div class="paragraph">
>   \<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
>   \</div>)* providers. Learn more in [Configuring a PingFederate runtime](../pingaccess_user_interface_reference_guide/pa_pf_runtime.html) or [Configuring OpenID Connect token providers](../pingaccess_user_interface_reference_guide/pa_configuring_oidc.html).
>
> * Create clusters
>
>   Deploy PingAccess in a clustered environment to provide higher scalability and availability for critical services. Place a load balancer in front of the cluster to distribute connections to the nodes in the cluster. Learn more in [Clustering in PingAccess](../reference_guides/pa_clustering_ref_guide.html).
>
> * Customize PingAccess look and feel
>
>   [Customize and localize](../configuring_and_customizing_pingaccess/pa_customize_localize_landing_topic.html) the PingAccess pages that your users see, including those for error messages and logout confirmation.
>
> * Customize with SDKs
>
>   Customize development with SDKs to extend the functionality of the PingAccess server. Learn more in [PingAccess Add-on SDK for Java](../agents_and_integrations/pa_add_on_sdk_for_java.html).
>
> * Manage certificates and key pairs
>
>   Import [certificates](../pingaccess_user_interface_reference_guide/pa_certificates.html) to establish trust with certificates presented during secure HTTPS sessions. Import or generate [key pairs](../pingaccess_user_interface_reference_guide/pa_key_pairs.html) that include the private key and X.509 Attribute Sharing Profile (XASP) *(tooltip: \<div class="paragraph">
>   \<p>Defines a specialized extension of the general attribute query profile and enables organizations with an investment in PKI (Public Key Infrastructure) to issue and receive attribute queries based on user-certificate authentication.\</p>
>   \</div>)* certificate required for HTTPS communication.
>
> * Manage sessions
>
>   Use [web sessions](../pingaccess_user_interface_reference_guide/pa_web_sessions.html) to define the policies for web application session creation, lifetime, timeout, and scope *(tooltip: \<div class="paragraph">
>   \<p>In OAuth, a parameter on an access request and resulting, issued access token that specifies a limitation or limitations on access to the protected resource or resources.\</p>
>   \</div>)*. Use multiple web sessions to scope the session to meet the needs of a target set of applications. Web sessions improve the security model of the session by preventing unrelated applications from impersonating the end user.
>
> * Manually configure runtime parameters
>
>   Use a text editor to modify configuration file settings used by PingAccess at runtime. You can find more information in the [Configuration file reference](../reference_guides/pa_config_file_ref.html).
>
> * Protect an application or API
>
>   Use PingAccess to protect the application and API resources to which client requests are forwarded. Partition [applications](../pingaccess_user_interface_reference_guide/pa_applications_operations.html) for tighter access control through the use of [resources](../pingaccess_user_interface_reference_guide/pa_application_resources.html). Customize configuration of [site authenticators](../pingaccess_user_interface_reference_guide/pa_site_authenticators.html) and [authentication requirements](../pingaccess_user_interface_reference_guide/pa_authentication.html) to suit the security needs of your organization.
>
>   The [developers page](http://developer.pingidentity.com/pingaccess.html) contains additional resources for developing applications to work with PingAccess.
>
> * Tune performance
>
>   Optimize a wide variety of PingAccess components for maximum performance. Learn more in [Performance tuning](../reference_guides/pa_performance_tuning.html).
>
> * Upgrade an existing installation
>
>   Upgrade an existing installation using the installer or selectively manage the upgrade process with the PingAccess upgrade utility. Learn more in [Installing and Uninstalling PingAccess](../installing_and_uninstalling_pingaccess/pa_installing_and_uninstalling_pa.html).
>
> * Use APIs
>
>   Use the PingAccess APIs to provide a powerful configuration and management experience outside the PingAccess user interface. Learn more in [Accessing the PingAccess administrative API](../installing_and_uninstalling_pingaccess/pa_accessing_the_pa_admin_api.html).