PingFederate Server

Configuring SSO from the PingOne for Enterprise admin portal to the PingFederate administrative console

You can single sign-on (SSO) to the PingFederate administrative console from PingOne for Enterprise and configure authentication procedures as desired.

About this task

In PingFederate 10.1 and later, you can connect to PingOne for Enterprise after the initial PingFederate setup by going to System → External Systems → Connect to PingOne for Enterprise.

Additionally, you can continue to sign on to the administrative console through native or alternative console authentication using the direct sign on page. You can also disable the direct sign on page to enforce the policy that administrators must SSO to the administrative console from the PingOne admin portal.

Steps

  • To SSO to the administrative console:

    1. Start a web browser.

    2. Browse to the URL https://<pf_host>:9999/pingfederate/app, where <pf_host> is the network address of your PingFederate server, either an IP address, a host name, or a fully qualified domain name reachable from your computer.

      Result:

      If the SSO option is enabled on the PingOne for Enterprise Settings window and you have signed on to the PingOne admin portal, the PingFederate administrative console is made available. If you are not signed on to the PingOne admin portal, you are prompted to enter your PingOne admin portal credentials. Upon verification, the PingFederate administrative console is made available.

  • To sign on through native or alternative console authentication:

    1. Start a web browser.

    2. <pf_host>:9999/pingfederate/app?service=page/directLogin, where <pf_host> is the network address of your PingFederate server, either an IP address, a host name, or a fully qualified domain name reachable from your computer.

  • To disable native and alternative console authentication:

    1. Edit the <pf_install>/pingfederate/bin/run.properties file.

    2. Change the pf.console.authentication property value to Browse to the URL https://none.

    3. Save the change and then restart PingFederate.

      In a clustered PingFederate environment, you only need to modify the run.properties file on the console node.

      Result:

      After restart, the direct login page is disabled. Administrators can only SSO to the PingFederate administrative console from the PingOne admin portal at https://Browse to the URL<pf_host>:9999/pingfederate/app.

    To re-enable native or alternative console authentication, update the pf.console.authentication property accordingly and then restart PingFederate.