--- title: Managing authentication applications description: You can create and manage authentication applications that use the authentication API. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_authenticationapplicationstasklet_authenticationapplicationsstate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_authenticationapplicationstasklet_authenticationapplicationsstate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: December 13, 2022 section_ids: about-this-task: About this task steps: Steps --- # Managing authentication applications You can create and manage authentication applications that use the authentication API. ## About this task Authentication applications display user interfaces to collect credentials when authentication is completed through the PingFederate authentication API. The default authentication application is used for authentication sources that support the authentication API functionality and are invoked directly, rather than as part of an authentication policy. ## Steps 1. To manage authentication applications, go to **Authentication > Integration > Authentication API Applications**. ![Screenshot of the Authentication API Applications window](_images/qhd1670971792412.png) 2. To toggle the availability of authentication API support, select or clear the **Enable Authentication API** checkbox. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The **Enable API Explorer**, **Restrict Access to Redirectless Mode**, and **Include Request Context in API Responses** checkboxes are applicable and shown if the **Enable Authentication API check** box is selected. | | Option | Description | | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Enable API Explorer** | PingFederate includes an API Explorer that allows you to view the states, actions, and models available for the various API-­capable adapters and selectors included in your PingFederate environment.The endpoint for the Authentication API Explorer is `/pf-ws/authn/explorer`. Learn more in [Exploring the authentication API](../developers_reference_guide/pf_exploring_authentication_api.html).This checkbox is enabled by default. | | **Restrict Access to Redirectless Mode** | It is strongly recommended to enable the **Restrict Access to Redirectless Mode** setting. If it is not enabled, authentication applications can use a user's existing session to obtain tokens for any public client defined in the deployment, that is any client with no authentication method defined.Enabling **Restrict Access to Redirectless Mode** ensures that authentication applications can only obtain tokens for the client specified in the application's settings. When you enable this setting, make sure to update authentication applications that use redirectless mode and specify the client that they are allowed to use.Learn more about how to allow highly-trusted authentication applications to employ the PingFederate Authentication API in [Configuring authentication applications](help_authenticationapplicationtasklet_authenticationapplicationstate.html).**Restrict Access to Redirectless Mode** is enabled by default. | | **Include Request Context in API Responses** | To pass single sign-on (SSO) request context parameters and tracked parameters to authentication applications, select the **Include Request Context in API Responses** checkbox.Enabling this feature allows authentication API clients to use the context of SSO requests to make decisions and change branding. When enabled, the authentication API response includes the `requestContext` parameter of type Map. The following parameters are included when they are relevant to the SSO transaction:- `pluginId` The ID of the identity provider (IdP) adapter or the authentication selector - `entityId` The ID of the service provider (SP) connection used in the SSO transaction - `applicationName` The name of the SP connection or OAuth client used in the SSO transaction - `client_id` The ID of the OAuth client used in the SSO transaction - `spAdapterId` The ID of the SP adapter used in the SSO transaction - `oidcUiLocales` The OIDC `ui_locales` - `trackedHttpParams` An array of the tracked HTTP parameters passed when processing authentication policies - `extendedProperties` Passes defined extended properties to all applicable velocity templates and as a request context parameter in the authentication API Except for tracked HTTP parameters, these parameters do not include sensitive information. Whether tracked HTTP parameters include sensitive information depends on which parameters you choose to track in policies. For information about configuring tracked HTTP parameters, see Defining authentication policies. | 3. In the **Default Authentication Application** section, perform any of the following actions. | Option | Action | | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Default Authentication Application** | Select an application from the list to designate as the default authentication application. | | **Check Usage** | Click to open a pop-up window listing the configurations in which the authentication is used. This is only available for the default authentication application. | | **Add Authentication Application** | Click to add a new authentication application. See [Configuring authentication applications](help_authenticationapplicationtasklet_authenticationapplicationstate.html). | | **Delete** | Click to remove an authentication application. | 4. Click **Save**.