In PingFederate 8.0 (or a more recent release), if you have selected to connect PingFederate to PingOne® for Enterprise during the initial setup process, the option to SSO from the PingOne admin portal to the PingFederate administrative console is enabled for you.
In this scenario, the initial setup does not create any local administrative login. If you decide to disable the SSO from the PingOne admin portal option later, the administrative console will bring you to the screen and prompt you to create at least one user with the User Admin role for later use.
If you set up PingFederate without PingOne for Enterprise at the beginning but have subsequently created a managed SP connection to PingOne for Enterprise using the Connect to PingOne for Enterprise configuration wizard, you may go to the screen to enable this option.
Additionally, you can continue to sign on to the administrative console via native or alternative console authentication using the direct login page. You can also disable the direct login page to enforce the policy that administrators must SSO to the administrative console from the PingOne admin portal.