Configure a token provider to use when accessing the PingAccess user interface if you have enabled admin UI single sign-on or admin
If you do not configure an admin token provider, the system token provider is used for both the PingAccess user interface and for end users.
- Click Settings and then go to .
- In the Admin Token Provider section, select Admin.
- In the Issuer field, enter the issuer ID.
- Optional: In the Description field, enter a description for the token provider.
- In the Trusted Certificate Group list, select a trusted certificate group that PingAccess will use when authenticating to the admin token provider.
- To configure the connection to use a configured proxy, click Show Advanced Settings and select Use
  For more information about creating proxies, see Adding proxies.
- To configure OAuth 2.0 Demonstrating Proof of Possession (DPoP) settings, click Show Advanced Settings:
  - In the DPoP Type list, select the level of DPoP support that you want to enable for access token validation:
    - Off (default): PingAccess doesn’t accept DPoP-bound access tokens, only bearer tokens.
    - Enabled: PingAccess accepts both bearer tokens and DPoP-bound access tokens.
    - Required: PingAccess doesn’t accept bearer tokens, only DPoP-bound access tokens.
  - To require each DPoP proof to contain a nonce value during validation that was provided by PingAccess when the access token was created, per RFC 9449 section 9, select Require
    This check box is cleared by default.
  - In the DPoP Proof Lifetime (SEC.) field, enter the duration, in seconds, that a DPoP proof should be considered valid after it's issued.
    As a security best practice, keep this value low and consistent with the DPoP implementation of your API client. The default value is 120 seconds.
- Click Save.
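
The following Python example is added here and is not PingAccess code: it models how the DPoP Type, nonce requirement and DPoP Proof Lifetime settings described above combine into an accept or refuse decision for one request. The function names, the `now` parameter and the sample proofs are assumptions made for illustration, and the signature, `htm`, `htu` and `ath` checks that RFC 9449 also requires are left out.

```python
import base64
import json
import time

def decode_claims(proof_jwt):
    """Return the payload claims of a compact JWT, or None if it is malformed."""
    try:
        _header, payload, _sig = proof_jwt.split(".")
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (ValueError, AttributeError):  # wrong segment count, bad base64/JSON, or None
        return None
    return claims if isinstance(claims, dict) else None

def evaluate(dpop_type, authorization, proof_jwt=None, *, lifetime=120,
             require_nonce=False, expected_nonce=None, now=None):
    """Model the decision for one request; returns (accepted, reason)."""
    now = time.time() if now is None else now
    scheme = authorization.split(" ", 1)[0].lower()
    if scheme == "bearer":
        if dpop_type == "Required":
            return False, "bearer token refused: DPoP Type is Required"
        return True, "bearer token accepted"
    if scheme != "dpop":
        return False, "unsupported authorization scheme"
    if dpop_type == "Off":
        return False, "DPoP-bound token refused: DPoP Type is Off"
    claims = decode_claims(proof_jwt)
    if claims is None:
        return False, "missing or malformed DPoP proof"
    iat = claims.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        return False, "proof has no numeric iat claim"
    if not 0 <= now - iat <= lifetime:  # assumption: future-dated proofs are refused too
        return False, f"proof outside the {lifetime}s lifetime window"
    if require_nonce and (expected_nonce is None or claims.get("nonce") != expected_nonce):
        return False, "nonce missing or not the server-issued value"
    return True, "DPoP proof accepted"

def make_sample_proof(claims):
    """Constructed sample proof; the signature segment is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "dpop+jwt", "alg": "ES256"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    for mode, auth, age in [("Off", "DPoP tok", 30), ("Required", "Bearer tok", 30),
                            ("Enabled", "DPoP tok", 30), ("Enabled", "DPoP tok", 300)]:
        proof = make_sample_proof({"iat": now - age, "nonce": "n-1"})
        print(mode, auth.split()[0], f"age={age}s", evaluate(mode, auth, proof, now=now))
```

With the default lifetime of 120 seconds, the proof that is 300 seconds old is refused even though DPoP is enabled, which is the effect of keeping the lifetime low.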