--- description: The following configuration enables the Policy Editor to use PingOne for authentication. component: pingauthorize version: 10.1 page_id: pingauthorize:installing_and_uninstalling_pingauthorize:paz_config_paz_authentication_p1 canonical_url: https://docs.pingidentity.com/pingauthorize/10.1/installing_and_uninstalling_pingauthorize/paz_config_paz_authentication_p1.html section_ids: configuring-pingauthorize-policy-administration-to-use-pingone: Configuring PingAuthorize policy administration to use PingOne about-this-task: About this task steps: Steps result: Result: --- # Configuring PingAuthorize policy administration to use PingOne ## About this task The following configuration enables the Policy Editor to use PingOne for authentication. ## Steps 1. Run the \`/bin/stop-server` command to stop the Policy Editor. 2. Using the client ID and environment ID from [Configuring PingOne for PingAuthorize policy administration](#config_p1_for_paz), run the following command to configure the Policy Editor: ``` bin/setup oidc \ --licenseKeyFile \ --generateSelfSignedCertificate \ --hostname --port \ --adminPort \ --oidcBaseUrl https://auth.pingone.//as \ --clientId ``` 3. Run the `bin/start-server` command to start the Policy Editor. 4. Verify that you can sign on to the Policy Editor using the application you created in PingOne: 1. Go to the Policy Editor. 2. Click **Click to Sign in**. ### Result: Your browser redirects to the URL you set in [Configuring PingOne for PingAuthorize policy administration](#config_p1_for_paz). | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | By default, the signed-on username uses the `sub` JSON Web Token (JWT) *(tooltip: \
\

An IETF standard container format for a JSON object used for the secure exchange of content, such as identity or entitlement information. You can find the industry standard in \RFC 7519\.\

\
)* claim for the OpenID Connect (OIDC) *(tooltip: \
\

An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\

\
)* user ID. You can find details on using a non-default claim in [Changing the default JWT claim for the OIDC user ID](../pingauthorize_server_administration_guide/paz_config_jwt_claims.html). |