In PingFederate 8.0 (or a more recent release), if you have selected to connect PingFederate to PingOne® for Enterprise during the initial setup process, the option to SSO from the PingOne admin portal to the PingFederate administrative console is enabled for you.

Tip:

In this scenario, the initial setup does not create any local administrative login. If you decide to disable the SSO from the PingOne admin portal option later, the administrative console will bring you to the System > Administrative Accounts screen and prompt you to create at least one user with the User Admin role for later use.

If you set up PingFederate without PingOne for Enterprise at the beginning but have subsequently created a managed SP connection to PingOne for Enterprise using the Connect to PingOne for Enterprise configuration wizard, you may go to the System > PingOne for Enterprise Settings screen to enable this option.

Additionally, you can continue to sign on to the administrative console via native or alternative console authentication using the direct login page. You can also disable the direct login page to enforce the policy that administrators must SSO to the administrative console from the PingOne admin portal.

  • To SSO to the administrative console:
    1. Start a web browser.
    2. Browse to the following URL:

      https://<pf_host>:9999/pingfederate/app

      where <pf_host> is the network address of your PingFederate server. It can be an IP address, a host name, or a fully qualified domain name. It must be reachable from your computer.

    If the SSO option is enabled on the PingOne for Enterprise Settings screen and if you have already logged on to the PingOne admin portal, the PingFederate administrative console becomes available. If you are not logged on to the PingOne admin portal, you will be prompted enter your PingOne admin portal credentials. Upon verification, the PingFederate administrative console becomes available.

  • To sign on via native or alternative console authentication:
    1. Start a web browser.
    2. Browse to the following URL:

      https://<pf_host>:9999/pingfederate/app?service=page/directLogin

      where <pf_host> is the network address of your PingFederate server. It can be an IP address, a host name, or a fully qualified domain name. It must be reachable from your computer.

  • To disable native and alternative console authentication:
    1. Edit the <pf_install>/pingfederate/bin/run.properties file.
    2. Change the pf.console.authentication property value to none.
    3. Save the change and then restart PingFederate.
      Note:

      In a clustered PingFederate environment, you are only required to modify the run.properties file on the console node.

    After restart, the direct login page is disabled. Administrators can only SSO to the PingFederate administrative console from the PingOne admin portal at https://<pf_host>:9999/pingfederate/app.

    If you want to re-enable native or alternative console authentication, update the pf.console.authentication property accordingly and then restart PingFederate.