Configure a token provider to use when accessing the PingAccess user interface if you have enabled admin UI single sign-on or admin API OAuth.
If you do not configure an admin token provider, the system token provider is used for both the PingAccess user interface and for end users.
- Click Settings and then go to Admin Authentication > Admin Token Provider.
- In the Admin Token Provider section, select Admin.
- In the Issuer field, enter the issuer ID.
- Optional: In the Description field, enter a description for the token provider.
- In the Trusted Certificate Group list, select a trusted certificate group that PingAccess will use when authenticating to the admin token provider.
- Optional: To configure the connection to use a configured proxy, click Show Advanced Settings and select Use Proxy.
  For more information about creating proxies, see Adding proxies.
- To configure OAuth 2.0 Demonstrating Proof of Possession (DPoP) settings, click Show Advanced Settings:
  - In the DPoP Type list, select the level of DPoP support that you want to enable for access token validation:
    - Off (default): PingAccess doesn’t accept DPoP-bound access tokens, only bearer tokens.
    - Enabled: PingAccess accepts both bearer tokens and DPoP-bound access tokens.
    - Required: PingAccess doesn’t accept bearer tokens, only DPoP-bound access tokens.
  - To require each DPoP proof to contain a nonce value during validation that was provided by PingAccess when the access token was created, per RFC 9449 section 9, select Require Nonce.
    This check box is cleared by default.
  - In the DPoP Proof Lifetime (SEC.) field, enter the duration, in seconds, that a DPoP proof should be considered valid after it's issued.
    Important: As a security best practice, keep this value low and consistent with the DPoP implementation of your API client. The default value is 120 seconds.
- Click Save.
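
To make the effect of the DPoP Type, Require Nonce, and DPoP Proof Lifetime settings concrete, the following Python example models how a resource server could apply them to one incoming request. It is an added illustration, not PingAccess code or its API: the names `check_request` and `make_proof`, the parameter names, and the sample proofs are assumptions. It also assumes that signature verification and the `htm`, `htu`, `ath` and key-binding checks from RFC 9449 happen elsewhere.

```python
import base64
import json
import time

def _b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj

def make_proof(claims):
    # Constructed sample proof with a placeholder signature (real proofs are signed).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'dpop+jwt', 'alg': 'ES256'})}.{enc(claims)}.c2ln"

def check_request(authorization, proof=None, *, dpop_type="Off", require_nonce=False,
                  proof_lifetime=120, expected_nonce=None, now=None):
    """Return (accepted, reason) for one request under the three DPoP settings."""
    now = time.time() if now is None else now
    scheme = authorization.split(" ", 1)[0].lower()
    if scheme == "bearer":
        # Required turns bearer tokens away; Off and Enabled accept them.
        if dpop_type == "Required":
            return (False, "bearer tokens not accepted")
        return (True, "bearer token accepted")
    if scheme != "dpop":
        return (False, "unsupported scheme")
    if dpop_type == "Off":
        return (False, "DPoP-bound tokens not accepted")
    try:
        header_seg, payload_seg, _sig = (proof or "").split(".")
        header, claims = _b64url_json(header_seg), _b64url_json(payload_seg)
    except ValueError:
        return (False, "missing or malformed proof")
    if header.get("typ") != "dpop+jwt":
        return (False, "wrong typ header")
    # Assumption: signature, htm/htu, ath and key-binding checks are done elsewhere.
    iat = claims.get("iat")
    # A proof is fresh only within proof_lifetime seconds of iat (no skew allowance here).
    if not isinstance(iat, (int, float)) or not 0 <= now - iat <= proof_lifetime:
        return (False, "proof outside lifetime")
    if require_nonce and (expected_nonce is None or claims.get("nonce") != expected_nonce):
        return (False, "nonce missing or mismatched")
    return (True, "DPoP proof accepted")
```

A proof captured from an earlier request stops being accepted once it is older than the configured lifetime, which is why a low value narrows the replay window.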