---
title: Configuring target relays
description: "A target relay is a component that you deploy directly on a server that can't accept inbound connections, enabling passwordless access."
component: privilege
page_id: privilege:configuration:network-infrastructure/target-relays
canonical_url: https://docs.pingidentity.com/privilege/configuration/network-infrastructure/target-relays.html
revdate: May 4, 2026
section_ids:
  validation: Validation
---

# Configuring target relays

A target relay is a component that you deploy directly on a server that can't accept inbound connections, such as a server behind a strict firewall. The relay establishes a secure, egress-only connection to a PingOne Privilege gateway, onboarding the server onto the platform and enabling passwordless access.

To add a target relay:

1. In the PingOne Privilege admin console, go to **Cloud > Gateways**.

2. Click **Add New**, and then select the **Docker** icon.

3. Select **Target Relay**.

4. Enter a unique **Cluster ID** to identify this relay group, and provide the **Hostname** of the server where the relay will be installed.

5. Click **Get Docker Command** and copy the generated command.

6. On the target server that you want to onboard, run the Docker command you just copied.

## Validation

After you deploy the target relay, it registers with the PingOne Privilege controller and connects to an available gateway. To verify that the process was successful, go to **Access Management > Targets**. The server where you installed the target relay should now be listed as an available target.