---
title: Configuring PingOne
description: Configure PingOne as the token provider in PingAccess.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_configuring_p1
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_configuring_p1.html
revdate: December 1, 2023
section_ids:
  before-you-begin: Before you begin
  steps: Steps
  next-steps: Next steps
---

# Configuring PingOne

Configure PingOne as the token provider in PingAccess.

## Before you begin

You must have the PingOne issuer ID, or have access to the PingOne console, to perform this procedure.

## Steps

1. Click **Settings**, then go to **System > Token Provider > PingOne**.

2. In the **Issuer** field, enter the PingOne issuer ID.

   This information is available in the PingOne console.

3. **Optional:** In the **Description** field, enter a description for the connection.

4. In the **Trusted Certificate Group** list, select a trusted certificate group for PingAccess to use when authenticating to PingOne.

5. To configure the connection to use a configured proxy, click **Show Advanced Settings** and select **Use Proxy**.

   For more information about creating proxies, see [Adding proxies](pa_adding_proxies.html).

6. To configure OAuth 2.0 Demonstrating Proof of Possession (DPoP) settings, click **Show Advanced Settings**:

   1. In the **DPoP Type** list, select the level of DPoP support that you want to enable for access token validation:

      * **Off** (default): PingAccess doesn't accept DPoP-bound access tokens, only bearer tokens.

      * **Enabled**: PingAccess accepts both bearer tokens and DPoP-bound access tokens.

      * **Required**: PingAccess doesn't accept bearer tokens, only DPoP-bound access tokens.

   2. To require each DPoP proof to contain a nonce value during validation that was provided by PingAccess when the access token was created, per [RFC 9449 section 9](https://www.rfc-editor.org/rfc/inline-errata/rfc9449.html#:~:text=Next%20Nonce%20Value-,9.%20%20Resource%20Server%2DProvided%20Nonce,-Resource%20servers%20can), select **Require Nonce**.

      This check box is cleared by default.

   3. In the **DPoP Proof Lifetime (SEC.)** field, enter the duration, in seconds, that a DPoP proof should be considered valid after it's issued.

      |   |                                                                                                                                                    |
      | - | -------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | As a security best practice, keep this value low and consistent with the DPoP implementation of your API client. The default value is 120 seconds. |

7. Click **Save**.

## Next steps

After you configure the token provider, click **View Metadata** to display the metadata provided by the token provider. To update the metadata, click **View Metadata → Refresh Metadata**.