--- title: Connect to PingFederate description: Connect to a new or existing PingFederate account as your PingOne for Enterprise identity repository. component: pingoneforenterprise page_id: pingoneforenterprise:pingone_for_enterprise:p14e_connect_pf canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise/p14e_connect_pf.html revdate: April 29, 2024 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps result: Result --- # Connect to PingFederate Connect to a new or existing PingFederate account as your PingOne for Enterprise identity repository. ## Before you begin PingFederate requirements * Network access to a PingFederate installation. * Administrator permissions on PingFederate. * PingFederate access to the appropriate identity repository. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Before connecting to PingOne for Enterprise, you must allow access to the following domains on the server running PingFederate.* `admin-api.pingone.com` for administration * `ore-routingsvc.pingone.com` for monitoring PingFederate from PingOne for Enterprise * `ohi-routingsvc.pingone.com` for monitoring PingFederate from PingOne for Enterprise * `scim.connect.pingidentity.com` for provisioning | ## About this task You'll be working on both the PingOne side and the PingFederate side. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | A PingFederate license can be either a "Bridge" license or a "Full" license. You can use either type of license with PingOne. This documentation references PingFederate Bridge. If your organization has a full PingFederate license, all instructions are the same unless otherwise noted. For more information, see [Connections to PingOne for Enterprise](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_connecttop1_connecttop1state.html) in the PingFederate documentation.Bridge licenses are available for PingFederateversions 10.3 and earlier. You can download later versions of PingFederate from the [Ping Identity download site](https://www.pingidentity.com/en/resources/downloads/pingfederate.html), but those versions require a full PingFederate license. | ## Steps 1. Go to **Setup > Identity Repository**, click **Connect to an Identity Repository**, select **PingFederate**, and click **Next**. The steps to complete your PingFederate Bridge setup depend on whether you have an existing PingFederate installation, and if so, whether you've installed PingFederate version 8.0 or higher. 2. Select whether or not you have an existing PingFederate installation. 3. If you selected that you don't have an existing PingFederate installation, click **Next**. 1. Select the server platform you'll use for the PingFederate Bridge installation. The installation instructions to depend on the platform you've chosen: * Windows installations 1. Click **Download PingFederate** and click **Next**. 2. Run the PingFederate Bridge installer and follow the installation steps. When the installation is complete, the URL for your PingFederate Bridge admin console will be displayed. Open the PingFederate admin console URL in a browser and follow the initial setup tutorial. 3. Copy into PingFederate Bridge the single-use **Activation Key** displayed in PingOne. 4. In PingOne, click **Next**. 5. Assign the PingFederate-to-PingOne for Enterprise attribute mapping. This assignment maps PingFederate attributes to the default PingOne for Enterprise attributes (used by PingOne for Enterprise dock). This attribute mapping is not used by applications that you add to PingOne for Enterprise. You will configure those attribute mappings for each application. For any of the attribute mappings, you can choose to configure an advanced mapping. See [Creating advanced attribute mappings](p14e_creating_advaced_attribute_mappings.html) for instructions. * Linux installations 1. Open a command line console on your selected server for the PingFederate Bridge installation and enter the displayed command to download PingFederate. 2. In PingOne, click **Next** to display the Install and Configure PingFederate panel. 3. In the command line console on your selected server, enter the displayed PingFederate Bridge installation script. When the installation is complete, the URL for your PingFederate Bridge admin console will be displayed. Open the PingFederate Bridge admin console URL in a browser and follow the initial setup tutorial. 4. Copy into PingFederate Bridge the single-use **Activation Key** displayed in PingOne. 5. In PingOne, click **Next**. 6. Assign the PingFederate-to-PingOne for Enterprise attribute mapping. This assignment maps PingFederate attributes to the default PingOne for Enterprise attributes (used by PingOne dock). This attribute mapping is not used by applications that you add to PingOne. You will configure those attribute mappings for each application. For any of the attribute mappings, you can choose to configure an advanced mapping. See [Creating advanced attribute mappings](p14e_creating_advaced_attribute_mappings.html) for instructions. 4. If you have selected that you have an existing PingFederate installation, click **Next**. The UI skips ahead to **Install and Configure PingFederate**. 1. Copy the PingFederate Bridge activation key that's displayed and click **Next**. 2. Log in to your PingFederate installation to enter the activation key. If you have a new, unconfigured PingFederate installation, the section for the PingOne for Enterprise activation key is displayed on the first page. If you are using an already configured PingFederate installation, go to **System > External Systems** and click **Connect to PingOne for Enterprise**. 3. Copy into PingFederate the single-use **Activation Key** displayed in PingOne and click **Next**. Follow the instructions to configure your PingOne for Enterprise connection. Refer to your PingFederate documentation for more information. 4. In PingOne, when the PingFederate configuration is verified, click **Next**. The PingFederate connection can't be verified until you've saved the PingOne for Enterprise connection configuration in PingFederate. 5. Assign the PingFederate-to-PingOne for Enterprise attribute mapping. This assignment maps PingFederate attributes to the default PingOne attributes (used by PingOne dock). This attribute mapping is not used by applications that you add to PingOne. You'll configure those attribute mappings for each application. For any of the attribute mappings, you can choose to configure an advanced mapping. See [Creating advanced attribute mappings](p14e_creating_advaced_attribute_mappings.html) for instructions. 5. When you've completed the PingFederate configuration, your new PingFederate connection (node) is displayed. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For PingFederate nodes to appear in PingOne for Enterprise, the **Enable Monitoring of PingFederate from PingOne** option must be enabled. This option is enabled by default.This option can be found in PingFederate at **System > External Systems > PingOne for Enterprise Settings**. | 1. Click the node name to display information about the PingFederate node. You can optionally assign: * A different URL for the link to the PingFederate admin page. * A different name for the PingFederate node. 2. Click **Settings** to display a summary of the PingOne and PingFederate configuration details for the identity repository. From here you can click to download the **Active Signing Certificate** and the **Encryption Certificate**. You can also copy and share the **PingOne Metadata URL**. 6. **Optional:** Click to download the displayed PingOne signing and encryption certificates. 7. **Optional:** If you've deployed PingFederate in clustered mode, you can choose to add other PingFederate nodes in the cluster to the PingOne admin portal for monitoring. ## Result Your PingFederate Bridge or PingFederate setup for PingOne is complete.