Configuring SSO from PingOne admin portal to PingFederate administrative console - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

You can single sign-on (SSO) to the PingFederate administrative console from PingOne for Enterprise and configure authentication procedures as desired.

In PingFederate 10.1 and later, you can connect to PingOne for Enterprise after the initial PingFederate setup by going to System > External Systems > Connect to PingOne for Enterprise.

Additionally, you can continue to sign on to the administrative console through native or alternative console authentication using the direct sign on page. You can also disable the direct sign on page to enforce the policy that administrators must SSO to the administrative console from the PingOne admin portal.

  • To SSO to the administrative console:
    1. Start a web browser.
    2. Browse to the URL https://<pf_host>:9999/pingfederate/app, where <pf_host> is the network address of your PingFederate server, either an IP address, a host name, or a fully qualified domain name reachable from your computer.

    If the SSO option is enabled on the PingOne for Enterprise Settings window and you have signed on to the PingOne admin portal, the PingFederate administrative console is made available. If you are not signed on to the PingOne admin portal, you are prompted to enter your PingOne admin portal credentials. Upon verification, the PingFederate administrative console is made available.

  • To sign on through native or alternative console authentication:
    1. Start a web browser.
    2. Browse to the URL https://<pf_host>:9999/pingfederate/app?service=page/directLogin, where <pf_host> is the network address of your PingFederate server, either an IP address, a host name, or a fully qualified domain name reachable from your computer.
  • To disable native and alternative console authentication:
    1. Edit the <pf_install>/pingfederate/bin/run.properties file.
    2. Change the pf.console.authentication property value to none.
    3. Save the change and then restart PingFederate.
      Note:

      In a clustered PingFederate environment, you only need to modify the run.properties file on the console node.

    After restart, the direct login page is disabled. Administrators can only SSO to the PingFederate administrative console from the PingOne admin portal at https://<pf_host>:9999/pingfederate/app.

    To re-enable native or alternative console authentication, update the pf.console.authentication property accordingly and then restart PingFederate.