The various integrations with PingID require information that is stored in the PingID properties file, which can be downloaded from the admin console.
Download the PingID properties file relevant for your platform:
PingFederate
You can download the PingID for PingFederate properties file for use when integrating PingID with PingFederate.
The Integrate with PingFederate Bridge properties file provides full permission to perform enrollment, device management, and authentication actions. You can rotate or revoke generated properties files with minimal downtime.
For Windows login, Mac login, and SSH integrations, you should download the version of the properties file that restricts user permissions to authentication only. For more information, see the relevant tabs on this page.
The PingID properties file contains sensitive information including the secret encryption key. It should only be handled by administrators and should not be distributed more than is necessary.
To ensure minimal downtime when rotating a PingID properties file (key rotation), first generate the PingID properties file and link it to the relevant client, and then revoke the old properties file.
Windows and Mac login
The Windows and Mac login PingID properties file provides a limited subset of permissions that enable users to perform Windows or Mac login authentication while preventing them from performing management actions, such as enrollment and device management.
The PingID Windows and Mac login properties file contains sensitive information, including the secret encryption key. It should only be handled by administrators and should not be distributed more than is necessary.
The outcome of a login attempt by a user can differ depending on whether Windows or Mac login was installed with full permissions or with restricted permissions.
Under full permissions, if valid user john.smith creates a new user, joe.blogs, on his Mac and then uses it to log in, he is offered a QR code or one-time passcode (OTP) on his registered second factor device and PingID will create a new user named joe.blogs. The full permissions case both registers and provides access to logins. In the restricted permissions case, attempting to log in as joe.blogs fails with an error message. The restricted permissions case provides access only.
To avoid ad hoc registrations, the admin should always install the login using the restricted permissions properties file.
To download the PingID properties file to integrate with Windows login or Mac login:
SSH
The SSH Properties file provides a limited subset of permissions that enable users to perform authentication while preventing them from performing management actions (such as enrollment and device management).
The PingID SSH Properties file contains sensitive information including the secret encryption key. It should only be handled by administrators, and should not be distributed more than is necessary.
The outcome of a login attempt by a user can differ depending on whether SSH was installed with full permissions or with restricted permissions.
Under full permissions, if valid user john.smith creates a new user, joe.blogs, on his Mac and then uses it to log in, he will be offered a QR code or OTP on his registered second factor device and PingID will create a new user named joe.blogs. The full permissions case both registers and provides access to logins. In the restricted permissions case, attempting to log in as joe.blogs will fail with an error message. The restricted permissions case provides access only.
To avoid ad hoc enrollments, the admin should always install SSH using the restricted permissions properties file.
To download the PingID properties file to integrate with SSH:
Rotating and revoking a PingID properties file
You can rotate or revoke a PingID properties file.
Revoking a properties file removes it from PingID, invalidating any devices that used it.
Revoking a properties file should be done with extreme caution. Users signed on to machines with authentication based on a revoked properties file can continue to work normally. However, at their next sign on, they won't be able to authenticate and will be locked out of their machines.
Rotating a properties file involves replacing a properties file with a new one. To minimize downtime to users: