If you are using the SAML 2.0 Attribute Query profile as an SP, then the requesting application(s) at your site must authenticate to the PingFederate server (see Attribute Query and XASP and the /sp/startAttributeQuery.ping SP application endpoint).
In addition, authentication is required to access PingFederate runtime data via JMX (see Runtime monitoring using JMX) or to make SOAP calls to the Connection Management Service. Authentication is optional for the SSO Directory Service (see Web service interfaces and APIs).
To help ensure network security, access to all of these services is deactivated when PingFederate is first installed.
On the Admin administrative role can activate and configure authentication for Attribute Query, JMX, and SSO Directory.
screen, administrators with theTo activate and configure authentication for the Connection Management Service, the administrators must be granted all three administrative roles: Admin, Crypto, and User Admin.