Field Required Description
Name Yes A unique name for the application.
Description No An optional description for the application.
Context Root Yes The context at which the application is accessed at the site.
Note:

This value must meet the following criteria:

  • It must start with /.
  • It can contain additional / path separators.
  • It must not end with /.
  • It must not contain wildcards or regular expression strings.
  • The combination of the Virtual Host and Context Root must be unique. The following is allowed and incoming requests will match the most specific path first:
    • vhost1:443/App
    • vhost1:443/App/Subpath
  • /pa is, by default, reserved for PingAccess and is not allowed as a Context Root. You can change this reserved path using the PingAccess Admin API.
Case Sensitive Path No Indicates whether or not to make request URL path matching case sensitive.
Virtual host(s) Yes Specifies the virtual host for the application. Click + Create to create a virtual host. See Creating new virtual hosts for more information.
Application Type Yes Specifies the application type, either Web, API, or Web + API.
  • If the Application Type is Web, select the Web Session if the application is protected and, if applicable, the Web Identity Mapping for the application. Select an Authentication Challenge Policy to produce authentication challenges for the application. Click + Create to create a web session or identity mapping. You can enter an OpenID Connect Provider Issuer URL to replace the visible URL during authentication if the token provider supports it.
  • If the Application Type is API, specify whether or not you want to enable SPA Support. Indicate the method of Access Validation and, if applicable, select the API Identity Mapping for the application. Click + Create to create an access validation or identity mapping.
  • If the Application Type is Web + API, indicate the method of Access Validation. Select the Web Session and, if applicable, the Web Identity Mapping and API Identity Mapping to use for each type. Select an Authentication Challenge Policy to produce authentication challenges for the application. In this configuration, the web session is required and the API is protected by default. Click + Create to create an access validation, web session, web identity mapping, or API identity mapping. You can enter an OpenID Connect Provider Issuer URL to replace the visible URL during authentication if the token provider supports it. Specify whether or not you want to enable SPA Support
Destination Yes Specifies the application destination type, either Site, Agent, or Sideband.
  • If the destination is a Site, select the Site requests are sent to when access is granted. If HTTPS is required to access this application, and at least one non-secure HTTP listening port is defined, select the Require HTTPS option. Click + Create to create a Site. For more information, see Adding sites.
  • If the destination is an Agent, select the agent which intercepts and validates access requests for the Application. Click + Create to create an Agent. For more information, see Adding agents.
  • If the destination is Sideband, select the sideband client that queries PingAccess for authorization and request/response modification. Click + Create to create a sideband client. For more information, see Adding sideband clients.
Enabled No Select to enable the application and allow it to process requests.