---
title: Configuring the token provider
description: Establish communication with the token provider, PingFederate.
component: pingaccess
version: 9.0
page_id: pingaccess:token_providers:pa_configuring_the_token_provider
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/token_providers/pa_configuring_the_token_provider.html
revdate: February 6, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  next-steps: Next steps
---

# Configuring the token provider

Establish communication with the token provider, PingFederate.

## About this task

For more information, see [Manage Token Provider](../pingaccess_user_interface_reference_guide/pa_token_provider.html).

## Steps

1. Click **Settings**, then go to **System > Token Provider > PingFederate > Runtime**.

2. In the **Issuer** field, enter the PingFederate issuer URI.

3. From the **Trusted Certificate Group** list, select the **PingFed** certificate group.

4. Click **Save**.

5. Click **Settings**, then go to **System > Token Provider > PingFederate > Administration**.

6. In the **Host** field, enter the host name or Internet Protocol (IP) *(tooltip: \<div class="paragraph">
   \<p>The method by which data is sent across the internet from the source host to the destination host.\</p>
   \</div>)* address for the PingFederate Admin.

   For example, `mypingfedserver`.

7. In the **Port** field, enter the port number for the PingFederate Admin.

   For example, `9999`.

8. In the **Admin Username** field, enter the username.

   This username only requires auditor (read only) permissions in PingFederate.

9. In the **Admin Password** field, enter the password.

10. From the **Secure** list, select **Secure**.

11. From the **Trusted Certificate Group** list, select the **PingFed** certificate group.

12. Click **Save**.

13. Click **Settings**, then go to **System > Token Provider > PingFederate > OAuth Resource Server**.

14. In the **Client ID** field, enter the OAuth Client ID you defined when creating the PingAccess OAuth client *(tooltip: \<div class="paragraph">
    \<p>The application in an OAuth framework that requests access to resources. If the request is approved by the authorization server, the client is issued an access token for the resources.\</p>
    \</div>)* in PingFederate.

    For example, `pa_rs`.

15. In the **Client Credentials Type** section, select **Secret**, then enter the **Client Secret** assigned when you created the PingAccess OAuth client in PingFederate.

16. In the **Subject Attribute Name** field, enter the attribute you want to use from the OAuth access token *(tooltip: \<div class="paragraph">
    \<p>A data object by which a client authenticates to a resource server and lays claim to authorizations for accessing particular resources.\</p>
    \</div>)* as the subject for auditing purposes.

    For example, `username`.

17. Click **Save**.

## Next steps

You can configure PingAccess to [Protect a web application](../pingaccess_use_cases/pa_protecting_a_web_app_with_pa_in_a_gateway_deployment.html).