Before PingFederate can access the Salesforce API, it needs an access token. To get the access token, you need to register PingFederate as an application in the Salesforce Setup console. For detailed configuration instructions, see Create a Connected App in the Salesforce documentation.
Note: The following steps follow the Salesforce Lightning interface. For Salesforce Classic, see the Salesforce documentation.
  1. Sign on to Salesforce as an administrator.
  2. On the Setup console, create a new connected app.
    1. In the search bar, enter App Manager.
    2. Click Apps > App Manager.
    3. On the Salesforce Lightning App Manager window, click New Connected App.
  3. Under Basic Information, enter your PingFederate server details.
    1. In the Connected App Name field, enter a name of your choosing, such as PingFederate Provisioning.
    2. In the API Name field, enter a name of your choosing without spaces or special characters , such as PingFederateProvisioning.
    3. In the Contact Email field, enter your email address.
    4. Optional: In the Description field, enter a description to display to end users.
  4. Under API (Enable OAuth Settings), configure OAuth.
    1. Select Enable OAuth Settings.
    2. In the Callback URL field, enter
    3. In the Available OAuth Scopes list, add the following:
      • Access and manage your data (api)
      • Access custom permissions (custom_permissions)
      • Perform requests on your behalf at any time (refresh_token, offline_access)
  5. Click Save. If you receive a message that says allow 2-10 minutes for the changes to take effect, click Continue.
  6. On the application detail screen, note the Consumer Key and Consumer Secret.

    You will use these credentials in Getting an API access token from Salesforce.

  7. Click Manage, and then click Edit Policies.
  8. On the Connected App Edit window, under OAuth policies, for Refresh Token Policy, check that Refresh token is valid until revoked is selected. Click Save.