---
title: Configuring authentication requirements for outbound messages
description: You can configure the authentication requirements used to validate outbound messages in PingFederate.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_config_auth_require_for_outboundd_messag
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_config_auth_require_for_outboundd_messag.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  steps: Steps
---

# Configuring authentication requirements for outbound messages

You can configure the authentication requirements used to validate outbound messages in PingFederate.

## Steps

On the **Back-Channel Authentication** tab, in the **Send to your partner** section, click **Configure**.

On the **Outbound SOAP Authentication Type** tab, choose one or more authentication methods.

* HTTP Basic

  When selected, the administrative console prompts you to enter the credentials on the **Basic SOAP Authentication (Outbound)** tab.You must obtain these credentials from your partner.

* SSL Client Certificate

  Applicable only if you specify an endpoint that uses HTTPS.When selected, the administrative console prompts you to specify your client certificate on the **SSL Authentication Certificate** tab. If you have not yet created or imported the client certificate, click **Manage Certificates** to do so. For more information, see [Manage SSL client keys and certificates](help_certmanagementtasklet_sslcertauth_certmanagementstate.html).

|   |                                                                                                  |
| - | ------------------------------------------------------------------------------------------------ |
|   | When exporting this client certificate for your partner, choose the **Certificate Only** option. |

* Digital Signature (Browser SSO profile only)

  You select a signing certificate on the **Digital Signature Settings** tab.This option leverages on the digital signature of the message.

* Perform validation on partner's SSL server certificate when SSL used

  By default, PingFederate validates your partner's HTTPS server certificate, verifying that the certificate chain is rooted by a trusted certificate authority (CA) and that the hostname matches the certificate's common name (CN).Clear the associated checkbox if you do not want this validation to occur.

These options can be used in any combination or independently.

On the **Summary** tab, review your configuration and perform one of the following tasks.

* Amend your configuration

  Click the corresponding tab title and then follow the configuration wizard to complete the task.

* Keep your changes

  Click **Done** and continue with the rest of the configuration.

|   |                                                                                                                                            |
| - | ------------------------------------------------------------------------------------------------------------------------------------------ |
|   | When editing an existing configuration, you can also click **Save** as soon as the administrative console offers the opportunity to do so. |

* Discard your changes

  Click **Cancel**.