Configure PingID Proxy for the PingID desktop app
Configure the PingID desktop app to support proxy for all enterprise internal communication to the internet on enterprise desktop and laptop machines.
Before you begin
You can get the latest version of the SetProxyParams script at https://github.com/pingidentity/pingid-desktop-application.
Steps
- In PingOne, go to Applications > Applications.
- In the Applications list, select PingID Desktop.
- On the Configuration tab, click the Pencil icon.
- To enable the use of PingID desktop app with the enterprise proxy, according to the mode configured in the SetProxyParams script, select the Use proxy for desktop app checkbox and then click Save.
  Even if the Use Proxy For Desktop setting is enabled enterprise-wide in the admin portal, administrators can require the desktop app installations on specific desktops and laptops to always work without a proxy.
- Modify the SetProxyParams script, editing the relevant parameters.
  The SetProxyParams script is configured at machine level. If there are multiple instances of the desktop app installed on a machine, the setting of the SetProxyParams script is applied to all instances.
  Choose from:
  - Restrictive mode: Forces users to use the desktop app with the enterprise proxy. The proxy toggle does not appear on the desktop app menu.
    - Windows:
      SetProxyParams.bat host port [username] [password] -r
    - Mac:
      sudo sh SetProxyParams.sh host port [username] [password] -r
  - Permissive mode: Provides users an option to enable or disable use of the proxy from the desktop app menu, to accommodate authentication in different work modes, from within the enterprise network, or externally.
    - Windows:
      SetProxyParams.bat host port [username] [password]
    - Mac:
      sudo sh SetProxyParams.sh host port [username] [password]
  - Disabled mode: Disables use of the desktop app with a proxy on specific devices.
    - Windows:
      SetProxyParams.bat disable
    - Mac:
      sudo sh SetProxyParams.sh disable
Where:

| Parameter | Description |
|-----------|-------------|
| host | Proxy host IP address or host name. |
| port | Proxy port number. |
| username | Mandatory if the proxy requires credentials. Empty if the proxy does not require credentials. |
| password | Mandatory if the proxy requires credentials. Empty if the proxy does not require credentials. |
| -r | Mandatory for restrictive mode. Empty for permissive mode. |
- (Optional) Configure one of the following for PingID desktop app:
  - Proxy Auto Configuration (PAC). Learn more in Configuring Proxy Auto Configuration for the PingID desktop app.
  - Kerberos proxy authentication. Learn more in Configuring Kerberos Proxy authentication for the PingID desktop app.
- (Optional) To allow the PingID desktop app to work with a proxy, using a self-signed certificate or local CA-signed certificate:
  - Ensure that the Java Development Kit (JDK) keytool utility is installed.
  - Download a copy of the certificate that is installed on the proxy in DER format, and then save it to the local hard drive.
  - Open the integrated terminal and navigate to the Java Runtime Environment (JRE) security directory inside the PingID root directory.
    The default paths are:
    - Windows:
      C:\Program Files (x86)\Ping Identity\PingID\runtime\lib\security
    - Mac:
      /Applications/PingID.app/Contents/PlugIns/Java.runtime/Contents/Home/jre/lib/security
  - Add the certificate to the JRE certificate trust store.
    keytool -import -keystore cacerts -file <certificate file> -storepass changeit
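One way to script the trust-store step above so that the proxy certificate is trusted only after its SHA-256 fingerprint matches a value obtained out of band. This is an added example, not Ping Identity's code. The alias `enterprise-proxy`, the function names, the return codes and the expected-fingerprint argument are assumptions, and the default directory is the Mac path listed above.

```shell
#!/bin/sh
# Added example: pin the proxy certificate by SHA-256 fingerprint before trusting it.
# CERT_ALIAS and the function names are hypothetical; the path and store password
# are the defaults shown on this page.
JRE_SECURITY_DIR="${JRE_SECURITY_DIR:-/Applications/PingID.app/Contents/PlugIns/Java.runtime/Contents/Home/jre/lib/security}"
CERT_ALIAS="${CERT_ALIAS:-enterprise-proxy}"
STOREPASS="${STOREPASS:-changeit}"

# Normalize a fingerprint: drop colons and whitespace, uppercase the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the SHA-256 fingerprint that keytool reports for a certificate file.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_proxy_cert <certificate file> <expected SHA-256 fingerprint>
# Returns 0 on import, 1 on usage error, 2 on fingerprint mismatch, 3 on failure.
import_proxy_cert() {
    cert_file=$1
    expected=$(normalize_fp "$2")
    [ -n "$cert_file" ] && [ -n "$expected" ] || return 1
    actual=$(normalize_fp "$(cert_sha256 "$cert_file")")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: refusing to import $cert_file" >&2
        return 2
    fi
    store="$JRE_SECURITY_DIR/cacerts"
    cp -p "$store" "$store.bak" || return 3    # keep a rollback copy of the trust store
    keytool -importcert -noprompt -alias "$CERT_ALIAS" -keystore "$store" \
        -file "$cert_file" -storepass "$STOREPASS" || return 3
    # Confirm the new entry is present under the chosen alias.
    keytool -list -alias "$CERT_ALIAS" -keystore "$store" -storepass "$STOREPASS" >/dev/null || return 3
}

# Run the import only when called as: sudo sh script.sh <certificate file> <fingerprint>
if [ "$#" -eq 2 ]; then
    import_proxy_cert "$1" "$2"
fi
```

The desktop app's bundled JRE may be replaced when the app is updated, so rerun the check and import after an upgrade if the proxy connection stops validating.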
Next steps
If you have not yet enabled and configured PingID desktop app as an authentication method in your MFA policy, you can find instructions in Configuring an MFA policy for strong authentication.