1. Sign on to the PingFederate administrative console.
  2. Go to System > OAuth Settings > Authorization Server Settings.
  3. Select Track User Sessions for Logout.
  4. Click Save.
  5. Select an OpenID Connect policy.
    • If you are using PingFederate 10.0 or earlier, go to System > OAuth Settings > OpenID Connect Policy Management and click an existing policy.
    • If you are using PingFederate 10.1 or later, go to Applications > OAuth > OpenID Connect Policy Management and click an existing policy.
  6. On the Manage Policy tab, select Include Session Identifier in ID Token.

    For more information about configuring an OpenID Connect (OIDC) Policy, see Configuring OpenID Connect Policies in the PingFederate Administrator's Manual.

  7. Click Save.
  8. Select the client to be used by PingAccess.
    • If you are using PingFederate 10.0 or earlier, go to System > OAuth Settings > Client Management and select the client to be used by PingAccess.
    • If you are using PingFederate 10.1 or later, go to Applications > OAuth > Clients and select the client to be used by PingAccess.
  9. In the OpenID Connect section of the client's configuration page, select PingAccess Logout Capable.
    Tip:

    If this option is not available, ensure that the Track User Sessions for Logout setting change made in step 3 was saved.

  10. Click Save.