You can enable certificate-based authentication in the PingFederate administrative console.
- Have a PingFederate username and password.
- Import the necessary client key and certificate into the web browser you use to access PingFederate.
To enable client-certificate authentication, PingFederate administrative users must import an X.509 key and a suitable certificate for user authentication into their web browsers. In addition, the corresponding root certificate authority (CA) certificates must be contained in the Java runtime or the PingFederate trusted store. Other setup steps, including designating user permissions, must be completed by using configuration files located in the <pf_install>/pingfederate/bin directory.
The roles configured in the properties file apply to both the administrative console and the administrative API.