This connection allows the credentials for the PingFederate connection to be stored in PingOne. Each PingFederate connection has one or more credentials associated with it. The credential is generated in PingOne and then configured in PingFederate so that PingOne can authenticate the PingFederate additional service used by PingFederate. After you create a connection, you won’t need to enter credentials or other connection details for each instance. The credentials never expire, but you can create new credentials and revoke old ones if you want to rotate the credentials.

You will generate a credential in PingOne and then copy it to PingFederate when you create the connection. During runtime, PingFederate uses the credential to access PingOne services.
  • You can create one or more credentials for each PingFederate connection. You typically won’t need more than one credential other than during the credential-rotation period.
  • You can create more than one PingFederate connection, but doing so means that multiple PingFederate environments are sharing the same PingOne environment.
  • The setup and rotation process involves copying the credential from PingOne as the console presents it, pasting the credential into PingFederate when you are ready to create or update the PingOne connection in the PingFederate console.
  • The credentials do not expire but we recommend rotating them manually.

For more information, see Connections to PingOne in the PingFederate Administrator's Reference Guide.