When planning for a successful deployment:

Plan your deployment type and architecture
Use the Deployment reference guide to plan your deployment type and architecture. Learn about the differences between and benefits of a proxy deployment versus an agent based deployment, and decide to use one or a combination of both deployment types.
Design and plan a PingAccess cluster
Use the Clustering reference guide to design and plan your PingAccess cluster. For a high availability deployment, use a cluster that contains both a primary administrative node and a replica administrative node, along with additional engine nodes. For best performance, employ a load balancing strategy.
Install PingAccess
Ensure your systems meet the requirements so you can Install PingAccess.
Tune performance
Use the Performance tuning reference guide to configure your deployment for optimal performance.
Configure logging
Configure logging so that you can monitor your PingAccess deployment and troubleshoot application issues.
Configure the PingAccess token provider
Configure PingAccess to use Microsoft Azure AD as the token provider. Perform optional additional configuration that allows for communication with the Azure AD Graph API.
Configure applications
Configure applications to be made available by PingAccess to the Microsoft MyApps portal through Azure AD using the Azure AD Application Proxy.
Configure for dual internal and external secure access
Configure the solution so that applications are made securely available both externally through the Microsoft MyApps portal and internally through PingAccess for Azure AD.