--- title: Enabling OAuth 2.0 authorization description: PingFederate clients can gain access to the administrative API endpoint by providing an OAuth 2.0 access token. The /pingfederate/bin/oauth2.properties file contains settings that allow you to configure information required to interact with the authorization server as a client. component: pingfederate version: 13.0 page_id: pingfederate:developers_reference_guide:pf_enable_oauth20_authoriz canonical_url: https://docs.pingidentity.com/pingfederate/13.0/developers_reference_guide/pf_enable_oauth20_authoriz.html revdate: November 24, 2022 section_ids: steps: Steps --- # Enabling OAuth 2.0 authorization PingFederate clients can gain access to the administrative API endpoint by providing an OAuth 2.0 access token. The `/pingfederate/bin/oauth2.properties` file contains settings that allow you to configure information required to interact with the authorization server as a client. ## Steps 1. In the `/pingfederate/bin/run.properties` file, set the value of the `pf.admin.api.authentication` property to `OAuth2`. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can also configure PingFederate to support both `OAuth2` authorization and a basic authentication method by specifying two values separated with a comma. For example, specify `pf.admin.api.authentication=OAuth2,LDAP`. The basic authentication methods are `native`, `LDAP`, and `RADIUS`. Supporting two authentication methods is helpful when you want to change applications from one method to another. For more information about supporting two authentication methods, see the description of `pf.admin.api.authentication` in [Configuring PingFederate properties](../administrators_reference_guide/pf_config_pf_propert.html). | 2. In the `/pingfederate/bin/oauth2.properties` file, change property values as needed. For instructions and additional information, see the comments in the file. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Remember to assign at least one of the PingFederate administrative roles, as indicated in the properties file. For information about permissions attached to the PingFederate roles, see the PingFederate User Access Control table in [Configure access to the administrative API](pf_config_access_to_admin_api.html). | 3. Restart PingFederate. | | | | - | ------------------------------------------------------------------------------------------------------------------------------ | | | In a clustered PingFederate environment, you only need to modify `run.properties` and `oauth2.properties` on the console node. |