---
title: Adding environments
description: Use the wizard to add PingFederate and PingAccess environments to PingCentral.
component: pingcentral
version: 2.2
page_id: pingcentral:pingcentral_for_iam_administrators:pingcentral_add_environments
canonical_url: https://docs.pingidentity.com/pingcentral/2.2/pingcentral_for_iam_administrators/pingcentral_add_environments.html
revdate: June 20, 2024
section_ids:
  before-you-begin: Before you begin
  steps: Steps
  choose-from: Choose from:
  choose-from-2: Choose from:
  result: Result:
---

# Adding environments

Use the wizard to add PingFederate and PingAccess environments to PingCentral.

## Before you begin

Ensure that PingFederate is configured as a token provider for PingAccess.

For more information, see [Configuring PingFederate as a PingAccess token provider](pingcentral_configuring_pf_token_provider.html).

## Steps

1. On the **Environments** page, click **Add Environment**.

2. On the **Connect to Instances** page, connect to a PingFederate or PingAccess environment:

   ### Choose from:

   * **Native**: Complete the **Username** and **Password** fields for your PingFederate or PingAccess environments.

   * **OAuth2**: Complete the **Token Endpoint URL**, **Client ID**, **Client Secret**, and **Scopes** fields.

   * **Client Certificate**: Select the certificate you want to use for mTLS. See [Configuring Mutual TLS](pingcentral_config_mtls.html) for details on uploading these certificates.

     |   |                                                                                                     |
     | - | --------------------------------------------------------------------------------------------------- |
     |   | If an environment is disabled or offline, you will be unable to add the environment to PingCentral. |

     If this is the first time that you have set up this environment, and the initial validation fails, you see a **Skip Verification** option. If you select this option, it allows you to skip the validation process. However, if you set it up correctly, you won't see this option.

   If the environment is disabled or offline, and you edit the connection configuration, the **Skip Verification** check box is automatically marked.

3. Click **Next**.

4. On the **Name Environment** page, complete the **Name**, **Short Code**, and **Description** fields.

5. **Optional:** To configure whether non-administrators need approval for promoting an application to an environment, select an option from the **Approval Type** list:

   ### Choose from:

   * Select **No Approval** to allow non-administrators to promote applications to the environment freely.

   * Select **Approval Required** to indicate that application promotion requires approval.

   * Select **Require Approval If Any Expression Fails** and proceed to the next step to configure an **Approval Expression**.

   * Select **Require Approval If Any Expression Succeeds** and proceed to the next step to configure an **Approval Expression**.

6. **Optional:** If you selected **Require Approval If Any Expression Fails** or **Require Approval If Any Expression Succeeds**, you must configure a Spring Expression Language (SpEL) expression in the **Approval Expression** field.

   You can use SpEL expressions to determine whether an application requires approval or not. For more information, see [Creating and testing approval expressions](pingcentral_create_test_expressions.html) at the bottom of this page for details.

   |   |                                                                                                                                                                                             |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | For more information on SpEL, see [Spring Expression Language (SpEL)](https://docs.spring.io/spring-framework/docs/3.0.x/reference/expressions.html) in the Spring Framework documentation. |

7. **Optional:** If you want application owners to be able to edit the underlying application JSON when they promote their OAuth and SAML applications, select **Allow JSON editing for application promotions**.

   |   |                                                                                                                                                                                                                                                                                   |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | Providing application owners with this ability can be risky, so it's highly recommended that you require promotion requests to be approved. That way, you'll be able to compare the submitted application JSON to the original application JSON before you approve the promotion. |

8. **Optional:** To enforce random secret generation and restrict non-administrators from creating their own, select the **Enforce Random Client Secrets** check box.

   PingCentral will generate random client secrets.

9. **Optional:** Select the **Allow only administrators to delete applications from PingFederate** (and PingAccess, when applicable), option to restrict application owners from deleting applications from environments.

10. **Optional:** To add an identity provider (IdP) *(tooltip: \<div class="paragraph">
    \<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
    \</div>)* certificate, select the appropriate certificate in the **Signing Certificate** list or to upload your own certificate, click **Choose** and enter the certificate password in the appropriate field. Click **Save and Close**.

    ### Result:

    The environment is displayed on the **Environments** page. If you chose to protect the environment, you see a shield icon next to its name. Depending on the type of environment, you also see a **PF** or **PA** icon. The color of this icon represents the status of the environment. A green icon indicates that the environment is verified while a red icon indicates that the environment isn't verified.

    Depending on if an environment is online, offline, or disabled, you see the environment status in a display bar. You also see the toggle switch that you can click to disable the environment and indicate that it is undergoing maintenance.

11. Click **Save and Continue**.

12. Click the expandable icon associated with the environment to view environment details.

    ![A screen capture showing the Environments page, which lists all of the environments and displays details regarding each environment when the associated expandable icon is clicked.](_images/val1695410125951.png)

    Environment details include:

    * A link to PingFederate.

    * A link to PingAccess.

    * A description of the environment.

    * The total number of applications hosted on this environment and a breakdown of or clients, connections, and applications. Click these links to access filtered lists of these applications on the **Applications** page.

      |   |                                                                                                                |
      | - | -------------------------------------------------------------------------------------------------------------- |
      |   | If an environment is unavailable, applications in that environment don't display on the **Applications** page. |