Rotating and revoking a PingID properties file
You can rotate or revoke a PingID properties file.
About this task
Revoking a properties file removes it from PingID, invalidating any devices that used it.
Revoking a properties file should be done with extreme caution. Users signed on to machines with authentication based on a revoked properties file can continue to work normally. However, at their next sign on, they won’t be able to authenticate and will be locked out of their machines.
Rotating a properties file involves replacing a properties file with a new one. To minimize downtime to users:
Steps
1. In the PingOne admin portal, go to Setup → PingID → Client Integration.
   The Client Integration page shows all PingID properties files associated with each type of properties file, such as PingFederate and unrestricted, Windows and Mac login, or SSH login properties files.
2. To ensure minimal downtime when rotating a PingID properties file (key rotation):
   a. To generate a new PingID properties file, click Generate.
   b. The Download button next to the name of the generated file is displayed as disabled. Click Save at the bottom of the page to enable the Download button.
   c. Click Download.
   d. Link it to the relevant client.
      The documentation for each client explains how it is linked, such as by running the GUI or CLI installer.
3. In the properties file list, select the file to be revoked (the old properties file from step 2, if relevant) and click Revoke.
   Result:
   A confirmation window is displayed.
4. Click Revoke, and then click Save.
   Result:
   The selected file is removed from the PingID server and can no longer be used for authentication.