1. Configure PingOne Protect for connectivity with PingAccess:
    1. In your PingOne administrative environment, go to Connections.
    2. In the Ping Products section, click the PingFederate connection.

      Currently, you must use the PingFederate connection because PingAccess does not have one of its own.

    3. On the connection that you decide to use, click the Pencil icon.
    4. On the Configuration tab, click +Add next to Credentials.

      This copies a JSON Web Token (JWT) to your clipboard that contains information on your PingOne environment.

  2. Configure PingAccess for connectivity with PingOne Protect:
    1. Sign on to the local PingAccess system and start a non-Internet Explorer (IE) browser.
    2. Sign on to the API doc page at https://<host>:<admin-port>/pa-admin-api/v3/api-docs/.

      Use the normal administrator username, Administrator, and your password.

    3. Expand /pingone, then expand POST/pingone/connections.
    4. Click Paste Model Template.

      This button is located just underneath the PingOneConnection field.

    5. In the PingOneConnection field, paste the JWT that you copied to your clipboard in step 1d as the <credential> variable.
    6. Fill out the rest of the PingOneConnection field using the PingOneConnectionView operation model in the API docs.

      <credential>, <trustedCertificateGroupId>, and <name> must have valid responses before you can save the connection. If you don't specify an <id>, this value will be auto-generated when you save the connection.

    7. Click Try it out! to save the connection.

    After you've created a connection, you can assign it to a specific risk policy through the /riskPolicies endpoint. For more information, see Creating a PingAccess risk policy.