1. Add a DNS redirect from a sub-domain of the federated domain to point to the PingFederate server so that <sub-domain>.<federated_domain_name> points to <PingFederate_domain_name_or_IP> where <sub-domain> is a unique identifier for the PingFederate server.

    For example, redirect pf.myfederateddomain.com to pfnode.mycompany.com where pfnode.mycompany.com resolves to the PingFederate server.

  2. To assist in verification of the domain, add a TXT record to the DNS settings of the federated domain. Insert the domain label prefix recorded recorded in the Add federated domain step where indicated below. 
    type: TXT, alias/host name: @, destination/points to address: MS=<domain_label_prefix>, ttl: 1hour