---
title: Configuring WS-Trust settings
description: You can configure PingFederate to require that client applications provide credentials to access the security token service (STS).
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_protocolsettingstasklet_wstruststssettingsstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_protocolsettingstasklet_wstruststssettingsstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Configuring WS-Trust settings

You can configure PingFederate to require that client applications provide credentials to access the security token service (STS).

## About this task

While this is an optional configuration, it is recommended for identity provider (IdP) configurations using the Username Token Processor. For other token processors and token generators, trust in the identity of the client is conveyed within the token itself and verified as part of processing. However, you can still configure authentication requirements to add another layer of security by limiting access to only authenticated clients.

|   |                                                                                                                                                                                                                                                                   |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | You can configure STS authentication to either apply globally to all token formats and for all IdP and service provider (SP) partner connections, or token-to-token mappings, using more fine-grained controls at the connection level through issuance criteria. |

|   |                                                                                                                                                                                                                                          |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | WS-Trust STS settings can also be configured through the PingFederate Administrative API platform. Learn more in [Accessing the API interactive documentation](../developers_reference_guide/pf_access_api_interact_documentation.html). |

## Steps

1. Go to **System > Server** to open the **Protocol Settings** window

2. On the **WS-Trust STS Settings** tab, click **Configure WS-Trust STS Authentication**.

   Follow the configuration wizard to complete the task. For more information, see [Configuring STS authentication](pf_configuring_sts_authentication.html)

3. Click **Next** and continue with the rest of the configuration.

   |   |                                                                                                                                            |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------ |
   |   | When editing an existing configuration, you can also click **Save** as soon as the administrative console offers the opportunity to do so. |