Configure PingOne as the token provider in PingAccess.
You must have the PingOne issuer ID, or have access to the PingOne console, to perform this procedure.
- Click Settings and then go to System > Token Provider > PingOne.
- In the Issuer field, enter the PingOne issuer ID.
  This information is available in the PingOne console.
- Optional: In the Description field, enter a description for the connection.
- In the Trusted Certificate Group list, select a trusted certificate group for PingAccess to use when authenticating to PingOne.
- To configure the connection to use a configured proxy, click Show Advanced Settings and select Use Proxy.
  For more information about creating proxies, see Adding proxies.
- To configure OAuth 2.0 Demonstrating Proof of Possession (DPoP) settings, click Show Advanced Settings:
  - In the DPoP Type list, select the level of DPoP support that you want to enable for access token validation:
    - Off (default): PingAccess doesn’t accept DPoP-bound access tokens, only bearer tokens.
    - Enabled: PingAccess accepts both bearer tokens and DPoP-bound access tokens.
    - Required: PingAccess doesn’t accept bearer tokens, only DPoP-bound access tokens.
  - To require that each DPoP proof presented for validation contain a nonce value that PingAccess provided when the access token was created, per RFC 9449 section 9, select Require Nonce.
    This check box is cleared by default.
  - In the DPoP Proof Lifetime (SEC.) field, enter the duration, in seconds, that a DPoP proof should be considered valid after it's issued.
    Important: As a security best practice, keep this value low and consistent with the DPoP implementation of your API client. The default value is 120 seconds.
- Click Save.
After you configure the token provider, click View Metadata to display the metadata provided by the token provider. To update the metadata, click View Metadata > Refresh Metadata.
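How the DPoP Type, Require Nonce, and DPoP Proof Lifetime settings combine into an accept or reject decision, as an added illustration that is not PingAccess code. The function names, the sample proofs, and every reason string except RFC 9449's `use_dpop_nonce` error are constructed for this example; signature, `htm`/`htu`, and `ath` verification are omitted, and no clock-skew allowance is assumed.

```python
import base64
import json

def seg(obj):
    """Encode a dict as one unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_proof(iat, nonce=None):
    """Build a constructed sample proof; the signature segment is a placeholder."""
    payload = {"jti": "constructed-1", "htm": "GET",
               "htu": "https://api.example.com/orders", "iat": iat}
    if nonce is not None:
        payload["nonce"] = nonce
    return ".".join([seg({"typ": "dpop+jwt", "alg": "ES256"}), seg(payload), "sig"])

def proof_claims(proof):
    """Decode the header and payload of a compact JWT without verifying it."""
    parts = [json.loads(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))
             for s in proof.split(".")[:2]]
    if len(parts) != 2 or not all(isinstance(p, dict) for p in parts):
        raise ValueError("not a compact JWT")
    return parts

def evaluate(scheme, proof, now, dpop_type="Off", require_nonce=False,
             lifetime=120, issued_nonce=None):
    """Return (accepted, reason) for one request under the three settings."""
    if scheme == "Bearer":                      # Off and Enabled accept bearer
        ok = dpop_type != "Required"
        return ok, "bearer accepted" if ok else "bearer rejected"
    if scheme != "DPoP" or dpop_type == "Off":  # Off never accepts DPoP-bound
        return False, "DPoP-bound token rejected"
    try:
        head, body = proof_claims(proof or "")
    except ValueError:
        return False, "malformed DPoP proof"
    if head.get("typ") != "dpop+jwt":
        return False, "malformed DPoP proof"
    iat = body.get("iat")
    if not isinstance(iat, (int, float)):
        return False, "malformed DPoP proof"
    age = now - iat
    if age < 0 or age > lifetime:               # assumption: no clock-skew allowance
        return False, "proof outside lifetime"
    if require_nonce and (issued_nonce is None or body.get("nonce") != issued_nonce):
        return False, "use_dpop_nonce"          # client must retry with the nonce
    return True, "DPoP proof accepted"
```

A longer lifetime widens the window in which a captured proof can be replayed, which is why the page recommends keeping the value low.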