1. Add your PingFederate server certificate under Trusted Certificate Groups as described in Importing certificates and create a trusted certificate group.
  2. Configure PingFederate runtime settings as described in Configuring the token provider using the following values.
    Parameter Value

    Host

    Enter your PingFederate host name.

    Port

    Enter your PingFederate port number.

    Secure

    Yes

    Trusted Certificate Group

    Select the group to which you added your PingFederate certificate.

    All other parameters

    Accept the defaults.
  3. Configure PingFederate administration settings as described in Configuring the token provider using the following values.
    Parameter Value

    Host

    Enter your PingFederate host name.

    Port

    Enter your PingFederate port number.

    Admin Username

    Enter the login name for your PingFederate administrator.

    Admin Password

    Enter the password for your PingFederate administrator.

    Secure

    Yes

    Trusted Certificate Group

    Select the group to which you added your PingFederate certificate.

    All other parameters

    Accept the defaults.
  4. Configure PingFederate OAuth server settings as described in Configuring the token provider using the following values.
    Parameter Value

    Client ID

    pa_rs

    Client Secret

    Enter your client secret.

    Subject Attribute Name

    UserName

    All other parameters

    Accept the defaults.
  5. Go to Main > Sites > Sites to add a site for PingFederate to protect.

    Detailed steps differ by deployment. For more information, see Adding sites.

  6. Add an identity mapping for your site as described in Creating JWT identity mappings using the following values.
    Parameter Value

    Name

    Enter a name for the identity mapping.

    Type

    Select Header Identity Mapping, and create a sub attribute with a header name of X-USER.

    All other parameters

    Accept the defaults.
  7. Add a web session for your site as described in Creating web sessions using the following values.
    Parameter Value

    Name

    Enter a name for your web session.

    Cookie Type

    Encrypted JWT

    Audience

    global

    OpenID Connect Login Type

    Code

    Client ID

    pa_wam

    Client Secret

    Enter your organization's client secret.
    All other parameters

    Accept the defaults.
  8. Add an application to protect within the site as described in Adding applications.
  9. Enable your application.