1. Click Settings and then go to Clustering > Engines.
  2. To configure a new engine, click + Add Engine.
  3. In the Name field, enter a name for the engine.

    Special characters and spaces are allowed.

  4. Optional: In the Description field, enter a description of the engine.
  5. If applicable, specify an HTTP Proxy for the engine. See Adding proxies for more information about creating proxies.
    1. To create an HTTP proxy, click +Create.
  6. If applicable, specify an HTTPS Proxy for the engine. See Adding proxies for more information about creating proxies.
    1. To create an HTTPS proxy, click +Create.
  7. Specify the Engine Trusted Certificate to use for cases where a TLS-terminating network appliance, such as a load balancer, is placed between the engines and the admin node.
  8. To generate and download a public and private key pair into the <enginename>_data.zip file for the engine, click Save & Download.

    This file is prepended with the name you give the engine. Depending on your browser configuration, you might be prompted to save the file.

  9. Copy the .zip file to the <PA_HOME> directory of the corresponding engine in the cluster and extract it.

    The engine uses these files to authenticate and communicate with the administrative console.

    Generate a new key for an engine at any time by clicking Save & Download and extracting the <enginename>_data.zip.

  10. On Linux systems running the PingAccess engine, change the permissions on the extracted archive on the engine to replace the files with a new set of configuration files.

    When that engine starts up and begins using the new files, PingAccess deletes the old key.pa.jwk to mode 400 by executing the command chmod 400 conf/pa.jwk after extracting the .zip file.

  11. Start each engine.

    For information on configuring engine to share information with each other in a cluster, see Configure a PingAccess Cluster.

If you specified any proxies, enable the Use Proxy option for any sites, token providers, and third party services that require the use of a proxy. See Adding sites and the Token provider section for more information.