---
title: Preparing to deploy the PingIntelligence policy on APIM
description: Complete the following prerequisites before deploying the PingIntelligence policy on API Manager (APIM):
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_integrations:pingintelligence_prepare_azure_apim
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_prepare_azure_apim.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  troubleshooting: Troubleshooting:
---

# Preparing to deploy the PingIntelligence policy on APIM

Complete the following prerequisites before deploying the PingIntelligence policy on API Manager (APIM):

## About this task

Before deploying the PingIntelligence policy on APIM:

## Steps

1. Confirm that the Azure APIM Service is available.

   The PingIntelligence policy supports Azure APIM Q2CY2020 version. If you are using any other version, contact Ping Identity support.

2. Confirm that the APIs to which you want to apply the PingIntelligence policy are available.

3. To use the API Security Enforcer (ASE) self-signed certificate, configure the CA certificate from the **Security → CA certificates** the section.

   ![A screenshot of the CA certificates page.](../_images/rcm1564009244234.png)

4. Select one of the following four levels to apply the PingIntelligence policy:

   * For all the APIs

   * For a group of APIs, that is, at the product level

   * For individual APIs

   * For a specific operation in the API

5. Install and configure the PingIntelligence software.

   Refer to the PingIntelligence deployment guide for your environment type.

6. Verify that ASE is in `sideband` mode by running the following ASE command:

   ```
   /opt/pingidentity/ase/bin/cli.sh status
   ```

   ### Result:

   ```
   API Security Enforcer
   status                  : started
    mode : sideband
   http/ws                 : port 80
   https/wss               : port 443
   firewall                : enabled
   abs                     : disabled, ssl: enabled
   abs attack              : disabled
   audit                   : enabled
   sideband authentication : disabled
   ase detected attack     : disabled
   attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
   google pubsub           : disabled
   log level               : debug
   timezone                : local (UTC)
   ```

   ### Troubleshooting:

   If ASE is not in `sideband` mode, then stop ASE and change the mode by editing the `/opt/pingidentity/ase/config/ase.conf` file. Set `mode` as `sideband` and start ASE.

7. For a secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:

   ```
   # ./bin/cli.sh enable_sideband_authentication -u admin –p
   ```

8. A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command and save the generated authentication token for further use:

   ```
   # ./bin/cli.sh -u admin -p admin create_sideband_token
   ```