PingOne MFA can integrate with third-party identity providers. The PingOne console has a built-in wizard for configuring a PingFederate connection. A PingFederate connection in PingOne MFA is actually a worker app, with a specific configuration. The wizard for creating a new PingFederate connection is an abridged worker app creation flow.

  • This step is optional and only needed if you need to enable API actions, such as provisioning users or automatic device enrollment.
  • If you plan to work solely from the admin console, you can skip this step.
  • Organizations using PingFederate as an IdP should skip this step and implement the configuration described in Integration with PingFederate.
  • For implementations using another third-party IDP, create a regular worker application with a link to actual location.
  1. To create a worker app, see Applications and Adding an application.
  2. If you're going to make API calls, generate an access token from your worker app.

    The access token is valid for one hour.


    An access token is an object encapsulating the security identity of a process or thread. It is used for making security decisions and to store tamper-proof information about a particular system entity. An access token contains the security credentials for a login session and identifies the user, the user's privileges, and in some cases, a particular application.

    • In PingOne, generate an access token for the worker application. For information, see Getting an access token.
    • Application developers can get an access token from the worker application, by using the following POST operation:

      See POST: GET a Worker Application Access Token in the API reference for details.

Integrating with PingFederate