When the administrative API is protected by native authentication, access to the administrative API is restricted to the users defined in the Account Management screen. The API calls must be authenticated by valid credentials over HTTP Basic authentication; otherwise, the administrative API returns an error message. The roles assigned to the users affect the results of the API calls.
Verify the pf.admin.api.authentication value in
is set to
native.Update as needed and restart PingFederate to activate this change.Note:
In a clustered PingFederate environment, you only need to modify run.properties on the console node.
Log on to the administrative console with an account that has the role User
When the administrative console is protected by an alternative console authentication (certificate-based, LDAP, or RADIUS authentication), most user-management functions are handled outside the scope of the PingFederate administrative console. Therefore, the administrative console disables thefunctionality unless the logged-on administrator has been granted the User Admin right.
To create or manage users in this scenario, add at least one external account to the role setting
userAdminin the configuration file for the respective authentication method. When such administrator logs on to the administrative console, the screen becomes available for her or him to create or manage users for the purposes of accessing the administrative API.
For more information about the alternative console authentication and the respective configuration, see Alternative console authentication.
On the Configure access to the administrative API.
screen, create or manage users as needed, including assigning
various PingFederate administrative roles as indicated by the PingFederate
User Access Control table in Note:
When assigning role(s), keep in mind that all users defined in thescreen can be used to access the administrative API and the administrative console.