---
title: Configuring private relays
description: "A private relay is designed for deployment in networks that don't allow inbound connections, enabling access to resources within that private network."
component: privilege
page_id: privilege:configuration:network-infrastructure/private-relays
canonical_url: https://docs.pingidentity.com/privilege/configuration/network-infrastructure/private-relays.html
revdate: May 4, 2026
section_ids:
  validation: Validation
---

# Configuring private relays

A private relay is a component designed for deployment in networks that don't allow inbound connections from the internet. The relay, deployed as a Docker container, establishes a secure, egress-only connection to a PingOne Privilege gateway, enabling access to resources located within its private network.

To add a private relay:

1. In the PingOne Privilege admin console, go to **Cloud > Gateways**.

2. Click **Add New**, and then select the **Docker** icon.

3. Select **Relay**.

4. Enter a unique **Cluster ID** to identify this relay group, and provide the **Hostname** of the server where the relay will be installed.

5. Click **Get Docker Command** and copy the generated command.

6. On a server within your private network, run the Docker command you just copied.

## Validation

After you deploy the private relay, it registers with the PingOne Privilege controller and connects to an available gateway. PingOne Privilege will then automatically discover the cloud resources that are reachable through that relay. You can view the status of the relay on the **Cloud > Gateways** page.