Managing environments - PingCentral - 1.10

Page created: 21 Apr 2022 | Page updated: 3 Aug 2023 | 1 min read

Product PingCentral 1.10 Developer Audience Administrator

All environments managed within PingCentral, as well as connected PingFederate and PingAccess environments, display on the Environments page, where you can view and update information about each environment and delete them from PingCentral when they are no longer needed.

Items worth mentioning:

  • If you add PingAccess environments to PingCentral, ensure that PingFederate is configured as the PingAccess token provider. See Configuring PingFederate as a PingAccess token provider for details.
  • If your application owners promote SAML applications to PingFederate or PingAccess environments, ensure that the appropriate trusted certificate authority (CA) certificates are available in PingCentral. See Adding trusted CA certificates to PingCentral for details.
    Note: Starting with PingCentral 1.8, trusted CA certificates are stored in the PingCentral database instead of an external trust store. Certificates that exist in the external trust store in previous versions are imported to the PingCentral database during the upgrade process.

Adding a PingFederate environment


Use the wizard to add a PingFederate environment to PingCentral.

  1. On the Environments page, click Add Environment.
  2. On the Connect to Instances page, complete the PingFederate Admin, PingFederate Admin Username, and PingFederate Admin Password fields with your authentication information.

    If this is the first time you have set up this environment, and you set it up correctly, you won't see a Skip Verification option. However, if the initial validation fails, this option shows. If selected, it allows you to skip the validation process.

  3. Click Next.
  4. On the Name Environment page, complete the Name, Short Code, and Description fields.
  5. Optional: To configure whether non-administrators need approval to promote an application to an environment, select an option from the Approval Type.
    • Select No Approval to allow non-administrators to promote applications to the environment freely.
    • Select Approval Required to indicate that application promotion requires approval.
    • Select Require Approval If Any Expression Fails and proceed to the next step to configure an Approval Expression.
    • Select Require Approval If Any Expression Succeeds and proceed to the next step to configure an Approval Expression.
    If you selected Require Approval If Any Expression Fails or Require Approval If Any Expression Succeeds, you must configure a Spring Expression Language (SpEL) expression in the Approval Expression field. SpEL expressions are used to determine whether an application requires approval or not. See Create and test expressions.
    For more information on SpEL, see Spring Expression Language (SpEL) in the Spring Framework documentation.
  6. Optional: To prevent non-administrators from promoting applications to the environment, select the Protect check box.
  7. Optional: To enforce random secret generation and restrict non-administrators from creating their own, select the Generate Client Secret on Promotion check box. PingCentral will generate random client secrets.
  8. Optional: To add an identity provider certificate, select the appropriate certificate in the Signing Certificate list or, to upload your own certificate, click Choose and enter the certificate password in the appropriate field. Click Save and Close.
    The environment is displayed on the Environments page. If you chose to protect the environment, a shield icon displays next to its name. A PF icon also displays. The color of this icon represents the status of the environment. A green PF icon indicates that the environment is verified while a red PF icon indicates that the environment isn't verified.
  9. Click Save and Continue.
  10. Click the expandable icon associated with the environment to view environment details. Environment details include:
    • A link to PingFederate.
    • A description of the environment.
    • The total number of applications hosted on this environment and a breakdown of OAuth/OIDC clients and SAML service provider (SP) connections. Click these links to access filtered lists of these applications on the Applications page.
      A screen capture showing the Environments page, which lists all of the PingCentral environments and displays details regarding each environment when the associated expandable icon is clicked.

Updating environments


Update PingFederate and PingAccess environment information at any time.

  1. To edit environment information, click the expandable icon associated with it, and then click the Pencil icon. All of the editable information displays on one page.
    Option: Description
    • To update the name and description: Change the information in the Name, Short Code, and Description fields.
    • To update the assertion encryption certificate: Click Choose to upload a new certificate and enter the certificate password in the appropriate field.
    • To update connection information: To update the connection information for either a PingFederate or PingAccess environment, change the information in the Username and Password fields.
      Note: If a PingAccess environment is added to PingCentral and removed through the edit page, the connection information is saved and restored if the PingAccess environment is selected again.
    • To add or remove protection status: To add or remove the protected status of an environment, which prevents non-administrators from promoting applications to the environment, select or clear the Only Administrators Can Promote Applications check box.
    • To update the signing certificate: To update the signing certificate used to promote SAML applications, select the appropriate certificate in the Signing Certificate list or upload your own.
    • To update the SP certificate: Click Choose to upload a new certificate and enter the certificate password in the appropriate field.
  2. Click Save.

Deleting environments


Delete environments from PingCentral when they are no longer needed.

  1. Click the expandable icon associated with the environment to view environment details.
  2. To delete the environment from PingCentral, click its associated Delete icon.
    A message displays asking you if you want to delete the environment.
  3. Click Delete.
    A message displays saying that the environment was deleted.
    Note: When an environment is deleted, applications that were promoted to that environment retain the promotion details from the deleted environment.

Configuring PingFederate as a PingAccess token provider


To add PingAccess environments to PingCentral, PingFederate must be configured as the token provider. If you have PingFederate and PingAccess environments established, this configuration is likely in place.

To configure PingFederate as the token provider for PingAccess, the Issuer URL in PingAccess must match either the Base URL in PingFederate or one of the virtual hosts defined in PingFederate.
  1. To configure PingFederate as a PingAccess token provider, ensure the PingAccess Issuer URL and the PingFederate Base URL match.
    If a virtual host is defined in PingFederate, continue to step 3.
  2. To locate this information:
    • In PingFederate, to locate the Base URL field, go to System > Protocol Settings > Federation Info, as shown in the following example.

    • In PingAccess, to locate the Issuer URL field, go to System > Token Provider.
      Note: In some versions of PingAccess, the Issuer URL might exist as separate Host and Port fields.
  3. If a virtual host is defined in PingFederate, the PingAccess Issuer URL can reference that instead of the Base URL. In PingFederate, to locate the virtual host, go to the System > Virtual Host Names page and review the information in the Host Domain Name field.
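
The matching rule in the steps above can be checked offline before you add a PingAccess environment. This is an added example, not PingCentral or Ping Identity code. The function names, the sample URLs and the normalization rules (case-insensitive host, default ports, trailing slash ignored, host-only comparison for virtual hosts) are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def normalize(url):
    """Return (scheme, host, port, path) with case, default port and trailing slash normalized."""
    parts = urlsplit(url.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port, parts.path.rstrip("/")

def issuer_from_host_port(host, port, scheme="https"):
    """Build the Issuer URL when PingAccess shows separate Host and Port fields."""
    return f"{scheme}://{host}:{port}"

def check_token_provider(issuer_url, pf_base_url, pf_virtual_hosts=()):
    """Return (ok, reason) for the rule: Issuer URL matches the Base URL or a virtual host."""
    issuer = normalize(issuer_url)
    if issuer == normalize(pf_base_url):
        return True, "Issuer URL matches the PingFederate Base URL"
    # Assumption: virtual hosts are compared by host name only, case-insensitively.
    vhosts = {v.strip().lower() for v in pf_virtual_hosts}
    if issuer[1] in vhosts:
        return True, f"Issuer URL host matches virtual host {issuer[1]}"
    return False, f"{issuer_url} matches neither {pf_base_url} nor any virtual host"

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    base = "https://sso.example.com:9031"
    vhosts = ["login.example.org"]
    candidates = [
        "https://SSO.example.com:9031/",
        issuer_from_host_port("login.example.org", 9031),
        "https://sso.example.com",
    ]
    for issuer in candidates:
        print(issuer, "->", check_token_provider(issuer, base, vhosts))
```

A mismatch on port alone, as in the third constructed candidate, is reported as a failure, so the check errs toward flagging a configuration for review.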

Adding trusted CA certificates to PingCentral


For application owners to securely promote SAML applications to PingFederate and PingAccess environments, trusted certificate authority (CA) certificates must be available in PingCentral.

  1. To add a trusted certificate to PingCentral, select the Settings tab.
  2. Expand the Security menu and select Trusted CA Certificates.
    The Trusted CA Certificates page displays a list of the certificates currently available in PingCentral.
  3. Click Add Certificate.
  4. In the Add Certificate window, in the Alias field, enter a unique name for the certificate.
  5. Click Choose File, select the certificate, and click Add to upload it.
    The certificate displays in the list of trusted CA certificates.
  6. Click the Expand icon for the certificate to view details.

    A screen capture of the Trusted CA Certificate page containing several certificates. The Test signing cert certificate is expanded.