PingFederate requirements
  • Network access to a PingFederate installation.
  • Administrator permissions on PingFederate.
  • PingFederate access to the appropriate identity repository.
Note:

Before connecting to PingOne for Enterprise, you must allow access to the following domains on the server running PingFederate.

  • admin-api.pingone.com for administration
  • ore-routingsvc.pingone.com for monitoring PingFederate from PingOne for Enterprise
  • ohi-routingsvc.pingone.com for monitoring PingFederate from PingOne for Enterprise
  • scim.connect.pingidentity.com for provisioning

You'll be working on both the PingOne side and the PingFederate side.

Note:

A PingFederate license can be either a "Bridge" license or a "Full" license. You can use either type of license with PingOne. This documentation references PingFederate Bridge. If your organization has a full PingFederate license, all instructions are the same unless otherwise noted. For more information, see Introduction to PingFederate Bridge.

Bridge licenses are available for PingFederateversions 10.3 and earlier. You can download later versions of PingFederate from the Ping Identity download site, but those versions require a full PingFederate license.

  1. Go to Setup > Identity Repository, click Connect to an Identity Repository, select PingFederate, and click Next.
    The steps to complete your PingFederate Bridge setup depend on whether you have an existing PingFederate installation, and if so, whether you've installed PingFederate version 8.0 or higher.
  2. Select whether or not you have an existing PingFederate installation.
  3. If you selected that you don't have an existing PingFederate installation, click Next.
    1. Select the server platform you'll use for the PingFederate Bridge installation.
      The installation instructions to depend on the platform you've chosen:
      Windows installations
      1. Click Download PingFederate and click Next.
      2. Run the PingFederate Bridge installer and follow the installation steps.

        When the installation is complete, the URL for your PingFederate Bridge admin console will be displayed. Open the PingFederate admin console URL in a browser and follow the initial setup tutorial.

      3. Copy into PingFederate Bridge the single-use Activation Key displayed in PingOne.
      4. In PingOne, click Next.
      5. Assign the PingFederate-to-PingOne attribute mapping.

        This assignment maps PingFederate attributes to the default PingOne attributes (used by PingOne for Enterprise dock). This attribute mapping is not used by applications that you add to PingOne for Enterprise. You will configure those attribute mappings for each application.

        For any of the attribute mappings, you can choose to configure an advanced mapping. See Creating advanced attribute mappings for instructions.

      Linux installations
      1. Open a command line console on your selected server for the PingFederate Bridge installation and enter the displayed command to download PingFederate.
      2. In PingOne, click Next to display the Install and Configure PingFederate panel.
      3. In the command line console on your selected server, enter the displayed PingFederate Bridge installation script.

        When the installation is complete, the URL for your PingFederate Bridge admin console will be displayed. Open the PingFederate Bridge admin console URL in a browser and follow the initial setup tutorial.

      4. Copy into PingFederate Bridge the single-use Activation Key displayed in PingOne.
      5. In PingOne, click Next.
      6. Assign the PingFederate-to-PingOne attribute mapping.

        This assignment maps PingFederate attributes to the default PingOne attributes (used by PingOne dock). This attribute mapping is not used by applications that you add to PingOne. You will configure those attribute mappings for each application.

        For any of the attribute mappings, you can choose to configure an advanced mapping. See Creating advanced attribute mappings for instructions.

  4. If you have selected that you have an existing PingFederate installation, click Next.
    The UI skips ahead to Install and Configure PingFederate Bridge.
    1. Copy the PingFederate Bridge activation key that's displayed and click Next.
    2. Log in to your PingFederate installation to enter the activation key.
      If you have a new, unconfigured PingFederate installation, the section for the PingOne for Enterprise activation key is displayed on the first page.
      If you are using an already configured PingFederate installation, go to System > External Systems and click Connect to PingOne for Enterprise.
    3. Copy into PingFederate the single-use Activation Key displayed in PingOne and click Next.
      Follow the instructions to configure your PingOne for Enterprise connection. Refer to your PingFederate documentation for more information.
    4. In PingOne, when the PingFederate configuration is verified, click Next.
      The PingFederate connection can't be verified until you've saved the PingOne connection configuration in PingFederate.
    5. Assign the PingFederate-to-PingOne attribute mapping.
      This assignment maps PingFederate attributes to the default PingOne attributes (used by PingOne dock). This attribute mapping is not used by applications that you add to PingOne. You'll configure those attribute mappings for each application.
      For any of the attribute mappings, you can choose to configure an advanced mapping. See Creating advanced attribute mappings for instructions.
  5. When you've completed the PingFederate configuration, your new PingFederate Bridge or PingFederate connection (node) is displayed.
    Important:

    For PingFederate nodes to appear in PingOne for Enterprise, the Enable Monitoring of PingFederate from PingOne option must be enabled. This option is enabled by default.

    This option can be found in PingFederate at System > External Systems > PingOne for Enterprise Settings.

    1. Click the node name to display information about the PingFederate node.
      You can optionally assign:
      • A different URL for the link to the PingFederate admin page.
      • A different name for the PingFederate node.
    2. Click Settings to display a summary of the PingOne and PingFederate configuration details for the identity repository. From here you can click to download the Active Signing Certificate and the Encryption Certificate. You can also copy and share the PingOne Metadata URL.
  6. Optional: Click to download the displayed PingOne signing and encryption certificates.
  7. Optional: If you've deployed PingFederate in clustered mode, you can choose to add other PingFederate nodes in the cluster to the PingOne admin portal for monitoring.
Your PingFederate Bridge or PingFederate setup for PingOne is complete.