$ bin/setup oidc \
  --oidcHostname <ping-federate-hostname> \
  --oidcPort <ping-federate-port> \
  --clientId pingdatagovernance-pap \
  --generateSelfSignedCertificate \
  --decisionPointSharedSecret datagovernance \
  --hostname <pap-hostname> \
  --port <pap-port> \
  --adminPort <admin-port> \
  --licenseKeyFile <path-to-license>

The Policy Administration GUI uses the provided OIDC host name and OIDC to query the PingFederate server’s autodiscovery endpoint for the information it needs to make OIDC requests. The provided client ID represents the Policy Administration GUI and must be configured in PingFederate. For more information about configuring PingFederate, see Configuring an Authentication Server for OpenID Connect single sign-on.