To obtain the latest version of the SetProxyParams script, see https://github.com/pingidentity/pingid-desktop-application.

  1. In the PingID admin portal, go to Setup > PingID > Configuration.
  2. In the Use Proxy For Desktop field, select one of the following options, and then click Save.
    • Enable: Enable the use of PingID desktop app with the enterprise proxy, according to the mode configured in the SetProxyParams script.
    • Disable: Disable use of PingID desktop app with a proxy. This is the default selection.
    A screen capture of the Use Proxy For Desktop section.
    Note:

    Even if the Use Proxy For Desktop setting is enabled enterprise-wide in the admin portal, administrators can require the desktop app installations on specific desktops and laptops to always work without a proxy.

  3. If Use Proxy For Desktop is set to Enable, modify the SetProxyParams script.
    Note:

    The SetProxyParams script is configured at machine level. If there are multiple instances of the desktop app installed on a machine, the setting of the SetProxyParams is applied to all instances.

    • Restrictive mode: Forces users to use the desktop app with the enterprise proxy. The proxy toggle does not appear on the desktop app menu.
      • Windows:
        SetProxyParams.bat host port [username] [password] -r
      • Mac:
        sudo sh SetProxyParams.sh host port [username] [password] -r
    • Permissive mode: Provides users an option to enable or disable use of the proxy from the desktop app menu, to accommodate authentication in different work modes, from within the enterprise network, or externally. For more information, see Enabling or disabling your proxy for PingIDdesktop .
      • Windows:
        SetProxyParams.bat host port [username] [password]
      • Mac:
        sudo sh SetProxyParams.sh host port [username] [password] 
    • Disabled mode: Disables use of the desktop app with a proxy on specific devices.
      • Windows:
        SetProxyParams.bat disable
      • Mac:
        sudo sh SetProxyParams.sh disable

        Where:

        Parameter Description

        host

        Proxy host IP address or host name.

        port

        Proxy port number.

        username

        Mandatory if the proxy requires credentials.

        Empty if the proxy does not require credentials.

        password

        Mandatory if the proxy requires credentials.

        Empty if the proxy does not require credentials.

        -r

        Mandatory for restrictive mode.

        Empty for permissive mode.

    Note:

    To configure Proxy Auto Configuration (PAC) for the desktop app, see Configuring Proxy Auto Configuration for the PingID desktop app.

    To configure Kerberos proxy authentication for the desktop app, see Configuring Kerberos proxy authentication for the PingID desktop app.

  4. Optional: To allow the PingID desktop app to work with a proxy, using a self-signed certificate or local CA-signed certificate, complete the following steps:
    1. Ensure that the Java Development Kit (JDK) keytool utility is installed.
    2. Download a copy of the certificate that is installed on the proxy in DER format, and then save it to the local hard drive.
    3. Open the integrated terminal and navigate to the Java Runtime Environment (JRE) security directory inside the PingID root directory.

      The default paths are:

      • Windows: C:\Program Files (x86)\Ping Identity\PingID\runtime\lib\security
      • Mac: /Applications/PingID.app/Contents/PlugIns/Java.runtime/Contents/Home/jre/lib/security
    4. Add the certificate to the JRE certificate trust store.
      keytool -import -keystore cacerts -file <certificate file> -storepass changeit