The Password Manager relies on a PingFederate security token, opentoken, to identify users and ensure that they are authenticated before resetting their Google passwords. To enable token creation, you must create an instance of the SP OpenToken Adapter and export a configuration file, which the Password Manager uses to retrieve and decrypt the token.

Refer to Configuring an OpenToken SP Adapter instance in the PingFederate documentation for setup instructions.
Note: In the Adapter Instance setup, no Extended Contract is required, and no changes are needed to the default Instance Configuration Advanced Fields—but be sure to click download on the Actions screen and Export the properties file to use later (see Deploying the Application).
Tip: On the Instance Configuration screen, under Show Advanced Fields, you may change the default Transport Mode of the opentoken from Query Parameter to Cookie (but not to POST).