---
title: Setting up Prometheus using OAuth
description: Prometheus pulls information from PingCentral endpoints and stores the data it retrieves.
component: pingcentral
version: 2.0
page_id: pingcentral:pingcentral_for_iam_administrators:pingcentral_prometheus_setup_oauth
canonical_url: https://docs.pingidentity.com/pingcentral/2.0/pingcentral_for_iam_administrators/pingcentral_prometheus_setup_oauth.html
revdate: September 14, 2023
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  example: Example:
---

# Setting up Prometheus using OAuth

Prometheus pulls information from PingCentral endpoints and stores the data it retrieves.

## Before you begin

1. Enable single sign-on (SSO) with OpenID Connect (OIDC) in PingCentral's `application.properties` file.

2. Register an OAuth client in an authorization server with `grant_type = client_credentials`. Include the *claims*: *'sub'*, *'aud'*, and *'PingCentral-Role'* in an issued `access_token`.

3. Configure the `Resource Server` section in the `application.properties` file.

For more information, see [Setting up SSO for PingCentral](pingcentral_sso_pc.html).

## About this task

To configure Prometheus to connect to PingCentral with OAuth credentials:

## Steps

1. In PingCentral, in the `conf/application.properties` file, which resides in the PingCentral installation directory, locate and define the following properties.

   ```
   management.metrics.export.prometheus.enabled=true
   management.metrics.export.prometheus.step=5s
   ```

2. Save and close the file.

3. Restart PingCentral.

4. Set up the Prometheus `prometheus.yaml` configuration file and save it in the appropriate location.

   ### Example:

   To use an OAuth access token, use your OAuth credentials as configured in PingFederate or your third party authorization server. See the following example:

   ```
   global:
   scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
   # scrape_timeout is set to the global default (10s).

   # A scrape configuration containing exactly one endpoint to scrape:
   # Here it's Prometheus itself.
   scrape_configs:
   # Metrics for PingCentral
     - job_name: 'pingcentral-metrics'
       honor_timestamps: false
       metrics_path: */actuator/prometheus'
       scrape_interval: 5s
       scheme: https
       static_configs:
         - targets: [ 'xxx.xxx.x.x:9022' ]
       oauth2:
         client_id: prometheusPCClient
         client_secret: srZS9odxQF7m1tHUkUMcPvtSyz4P8XzVhy3CKn7VOOsBODYtBspRl2AXtExG2Q4Z
         scopes:
           - pc-admin-api
         token_url: https://pingfederate:9031/as/token.oauth2
       tls_config:
         insecure_skip_verify: true
   ```

   |   |                                                                                         |
   | - | --------------------------------------------------------------------------------------- |
   |   | Use `insecure_skip_verification: true` exclusively in development or test environments. |

5. Access Prometheus.

   For more information, see [Get started with Grafana and Prometheus](https://grafana.com/docs/grafana/latest/getting-started/get-started-grafana-prometheus/) in the Grafana documentation.