When creating a PingFederate Access Token Validator in PingDirectory Server, use the pingdirectory client ID and secret. PingDirectory Server uses an identity mapper to match the sub claim against the entryUUID attribute.

To configure PingDirectory Server as the token validator, perform the following steps:

  1. Click Create new client.
  2. For both the Client ID and Name, specify pingdirectory.
  3. Make the following selections:
    • In the Client Authentication section, select Client Secret.
    • In the Client Secret section, select Change Secret.
  4. Click Generate Secret to generate a new secret key.
  5. Copy the secret key.
  6. In the Allowed Grant Types section, select Access Token Validation.
  7. Click Save.