---
title: Configuring a PingAccess application
description: Perform the following steps to configure PingAccess applications.
component: pingaccess
version: 9.0
page_id: pingaccess:token_providers:pa_configuring_a_pa_app
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/token_providers/pa_configuring_a_pa_app.html
revdate: February 10, 2023
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
---

# Configuring a PingAccess application

Perform the following steps to configure PingAccess applications.

## Before you begin

* Install PingAccess and verify that you can access the [administrative console](../installing_and_uninstalling_pingaccess/pa_accessing_the_admin_console.html). For information on installing PingAccess, see [Installing and Uninstalling PingAccess](../installing_and_uninstalling_pingaccess/pa_installing_and_uninstalling_pa.html).

  |   |                                                                                                                                                                               |
  | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | The default credential set should be changed upon first usage. The default credentials for your PingAccess installation are:```
  Username: Administrator
  Password: 2Access
  ``` |

* [Configure an application](https://docs.pingidentity.com/pingone/applications/p1_applications_add_applications.html) in PingOne.

* [Configure](pa_configuring_pa_to_use_p1_for_customers_as_the_token_provider.html) PingAccess to use PingOne as the token provider.

## About this task

For each application that you want to configure:

## Steps

1. Create a virtual host.

   For more information on creating a virtual host, see [Creating new virtual hosts](../pingaccess_user_interface_reference_guide/pa_creating_new_virtual_hosts.html).

   1. Click **Applications**, then go to **Applications > Virtual Hosts**.

   2. Click **[icon: plus, set=fa]Add Virtual Host**.

   3. In the **Host** filed, enter a name for the virtual host.

      For example: myHost.com. You can use a wildcard (`*`) to indicate that any host name is acceptable. A wildcard host can also be specified, such as `*.example.com`.

   4. In the **Port** field, enter the port number for the virtual host.

      For example: `1234`.

   5. In the **Agent Resource Cache TTL (s)** field, indicate the number of seconds the agent can cache resources for this application.

      |   |                                                |
      | - | ---------------------------------------------- |
      |   | Only applies to a destination of type `Agent`. |

   6. Click **Save**.

2. Create a web session.

   For more information on creating a web session, see [Creating web sessions](../pingaccess_user_interface_reference_guide/pa_creating_web_sessions.html).

   |   |                                                                                                                     |
   | - | ------------------------------------------------------------------------------------------------------------------- |
   |   | A web session is only used when protecting a web application. To protect APIs, configure an access token validator. |

   1. Click **Access**, then go to **Web Sessions > Web Sessions**.

   2. Click **[icon: plus, set=fa]Add Web Session**.

   3. In the **Name** field, enter a name for the web session.

   4. From the **Cookie Type** list, select your cookie type, either **Signed JWT** or **Encrypted JWT**.

   5. In the **Audience** field, enter a unique value.

   6. In the **Client ID** field, enter the PingOne client ID.

      |   |                                                                                   |
      | - | --------------------------------------------------------------------------------- |
      |   | You can find the Client ID on the **Profile** tab of the application you created. |

   7. From the **Client Credentials Type** list, select **Secret**.

   8. In the **Client Secret** field, enter the client secret found on the application's **Configuration** tab.

   9. Click **Show Advanced**.

   10. In the **Scopes** section, specify one or more scopes.

       |   |                                                                                                                                                      |
       | - | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
       |   | Ensure the scopes you specify match those configured for the PingOne application. Find the scopes on the **Access** tab of your PingOne application. |

   11. Click **Save**.

3. Create a site.

   For more information on creating a site, see [Adding sites](../pingaccess_user_interface_reference_guide/pa_adding_sites.html).

   |   |                                                                                                                                               |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | In some configurations, a site might contain more than one application. A site can be used with more than one application, where appropriate. |

   1. Click **Applications**, then go to **Sites > Sites**.

   2. Click **[icon: plus, set=fa]Add Site**.

   3. Specify a **Name** for the site.

   4. Enter the site **Target**.

      The target is the hostname:port pair for the server hosting the application. Do not enter the path for the application in this field. For example, an application at https\://mysite:9999/AppName will have a target value of `mysite:9999`.

   5. From the **Secure** list, select whether or not the target is expecting secure connections.

   6. If the target is expecting secure connections, from the **Trusted Certificate Group** list, select **Trust Any**.

   7. Click **Save**.

4. Create an application in PingAccess for each application that you want to protect.

   For more information on creating an application, see [Adding an application](../pingaccess_user_interface_reference_guide/pa_adding_an_app.html).

   1. Click **Applications**, then go to **Applications > Applications**.

   2. Click **[icon: plus, set=fa]Add Application**.

   3. In the **Name** field, enter a name for the application.

   4. In the **Description** field, optionally enter a description for the application.

   5. In the **Context Root** field, specify the context root for the application.

      For example, an application at https\://mysite:9999/AppName will have a context root of `/AppName`. If the application is on the root of the server, you can set the context root as `/`. The context root must begin with a slash (/), must not end with a slash (/), and can be more than one layer deep, for example, `/Apps/MyApp`.

   6. From the **Virtual Host** list, select the virtual host you created.

      |   |                                                                                |
      | - | ------------------------------------------------------------------------------ |
      |   | The combination of virtual host and context root must be unique in PingAccess. |

   7. From the **Application Type** list, select **Web**.

   8. From the **Web Session** list, select the web session you created.

   9. From the **Site** list, select the site you created that contains the application.

   10. Select the **Enabled** check box to enable the site when you save.

   11. Click **Save**.