---
title: Remote proxy security best practices
description: Security best practices for PingIDM remote proxy, covering credential rotation, permissions, TLS/SSL, audit logging, least privilege, service accounts, and secrets management
component: pingoneaic
page_id: pingoneaic:idm-objects:remote-proxy-security-best-practices
canonical_url: https://docs.pingidentity.com/pingoneaic/idm-objects/remote-proxy-security-best-practices.html
llms_txt: https://docs.pingidentity.com/pingoneaic/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
keywords: ["Data Object Model", "Synchronization"]
---

# Remote proxy security best practices

When you configure a remote proxy, follow these security best practices to protect your tenants and data:

* **Use granular permissions**: Don't grant full admin rights unless necessary.

* **Rotate credentials regularly**: Update OAuth 2.0 client secrets periodically.

* **Use SSL/TLS**: Always use HTTPS in production.

* **Enable audit logging**: Enable audit logs on both originating and receiving tenants.

* **Apply least privilege**: Grant only the minimum required roles.

* **Use service accounts**: Use dedicated service accounts, not personal accounts.

* **Manage secrets securely**: Store credentials in a vault, not in source code.
