The instructions in this guide are deprecated. For existing unmanaged PingFederate connections to PingOne for Enterprise, you can update the verification certificate as an IdP certificate. For more information, see Updating a verification certificate in the PingOne for Enterprise documentation.

Unmanaged PingFederate connections are a legacy function. You can no longer create an unmanaged manual connection to PingFederate.


  • PingOne for Enterprise
  • PingFederate 10.2

In PingFederate, go to Applications > SP Connections and check whether your PingFederate connection is unmanaged. If your connection to PingOne for Enterprise is unmanaged, it's labeled SAML 2.0.

If you try to update an identity repository verification certificate for an unmanaged connection, PingOne for Enterprise generates a new activation key for use in creating a new managed connection to PingFederate. Because your user data and PingOne for Enterprise functionality depends on the settings in the existing connection, avoid creating a new connection.

  1. In PingFederate, go to Security > Signing & Decryption Keys & Certificates.
  2. Click Create New.
  3. Enter values for the following required fields:
    1. In the Common Name field, enter a name for the certificate.
    2. In the Organization field, enter the name of your organization.
    3. In the Country field, enter the country.
    For more information about the certificate creation form, see Creating new certificates in the PingFederate documentation.
  4. Click Next.
  5. Review the certificate values. Click Save.
  6. In the row for the certificate that you created, in the Select Action list, click Export.
  7. Click Certificate Only and click Next.
  8. Click Export and save the certificate.
  9. In PingOne for Enterprise, go to Setup > Certificates.
  10. Expand the certificate currently being used for the PingFederate connection.

    To show just the verification certificates, select Verification Certificates in the filter list at the top of the page.

  11. On the Usage tab, click PingFederate and upload the new certificate.
In PingFederate
  1. Go to Applications > SP Connections
  2. Click the PingOne connection.
  3. Go to Credentials > Configure Credentials > Digital Signature Settings, and in the Signing Certificate list, select the certificate that you created.
  4. Click Save.