--- title: Setting up Prometheus using OAuth description: Prometheus pulls information from PingCentral endpoints and stores the data it retrieves. component: pingcentral version: 2.1 page_id: pingcentral:pingcentral_for_iam_administrators:pingcentral_prometheus_oauth canonical_url: https://docs.pingidentity.com/pingcentral/2.1/pingcentral_for_iam_administrators/pingcentral_prometheus_oauth.html revdate: September 26, 2024 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps --- # Setting up Prometheus using OAuth Prometheus pulls information from PingCentral endpoints and stores the data it retrieves. ## Before you begin 1. Enable single sign-on (SSO) with OpenID Connect (OIDC) in PingCentral's application.properties file. 2. Register an OAuth client in an authorization server with grant\_type = client\_credentials. Include the claims: 'sub', 'aud', and 'PingCentral-Role' in an issued access\_token. 3. Configure the Resource Server section in the application.properties file. For more information, see [Setting up SSO for PingCentral](pingcentral_sso_pc.html). ## About this task To configure Prometheus to connect to PingCentral with OAuth credentials: ## Steps 1. In PingCentral, in the conf/application.properties file, which resides in the PingCentral installation directory, locate and define the following properties. ``` management.metrics.export.prometheus.enabled=true management.metrics.export.prometheus.step=5s ``` 2. Save and close the file. 3. Restart PingCentral. 4. Set up the Prometheus `prometheus.yaml` configuration file and save it in the appropriate location. **Example** To use an OAuth access token, use your OAuth credentials as configured in PingFederate or your third party authorization server. See the following example: ``` global: scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. # scrape_timeout is set to the global default (10s). # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # Metrics for PingCentral - job_name: 'pingcentral-metrics' honor_timestamps: false metrics_path: */actuator/prometheus' scrape_interval: 5s scheme: https static_configs: - targets: [ 'xxx.xxx.x.x:9022' ] oauth2: client_id: prometheusPCClient client_secret: srZS9odxQF7m1tHUkUMcPvtSyz4P8XzVhy3CKn7VOOsBODYtBspRl2AXtExG2Q4Z scopes: - pc-admin-api token_url: https://pingfederate:9031/as/token.oauth2 tls_config: insecure_skip_verify: true ``` | | | | - | --------------------------------------------------------------------------------------- | | | Use insecure\_skip\_verification: true exclusively in development or test environments. | 5. Access Prometheus. For more information, see [Get started with Grafana and Prometheus](https://grafana.com/docs/grafana/latest/getting-started/get-started-grafana-prometheus/).