Use Cases

Getting Started with PingFederate

Use this workflow to guide you in setting up PingFederate.

Component

PingFederate 10.3

Prerequisites

Key terms and concepts

For more information on the following terms and concepts, see Introduction to PingFederate and its subtopics.

Identity provider (IdP)

A trusted provider that issues authentication assertions to grant access to other resources.

Service provider (SP)

A provider that receives authentication assertions from an IdP and grants or denies resource access.

WS-Trust Security Token Service (STS)

A protocol for systems and applications to use when requesting a service to issue, validate, and exchange security tokens.

OAuth 2.0

A protocol for securing application access to protected resources by issuing access tokens to clients of Representational State Transfer (REST) APIs and non-REST APIs.

Browser-based SSO

Enables users to securely authenticate with multiple applications and websites by logging in only once.

Downloading and installing PingFederate

Steps

  1. Download PingFederate.

  2. Install PingFederate.

  3. Start PingFederate and then open the administrative console.

    The first time you open the administrative console, PingFederate guides you through the setup wizard.

  4. Familiarize yourself with the PingFederate administrative console.

    The PingFederate user interface consists of menus, windows, and tabs.

Additional information

After you finish setting up PingFederate, you can begin the following tasks:

  • Create an IdP adapter.

    An IdP adapter is used to look up session information and provide user identification to PingFederate.

  • Create an SP connection.

    As an IdP, you manage connection settings to support the exchange of federation-protocol messages (SAML, WS-Federation, or WS-Trust) with an SP or STS client application at your site.

  • Create an SP adapter.

    An SP adapter is used to create a local-application session for a user in order for PingFederate to provide SSO access to your applications or other protected resources.

  • Create an IdP connection.

    As an SP, you manage connection settings to support the exchange of federation-protocol messages (OpenID Connect, SAML, WS-Federation, or WS-Trust) with an IdP, OAuth client, OpenID Provider (OP), or STS client application at your site.

  • You can download the PingFederate Security Hardening Guide for security-related best practices.

    This requires a Ping Identity account.

  • Integrate PingFederate with a supported hardware security module (HSM).

    Standards such as the Federal Information Processing Standard (FIPS) 140-2 require the storage and processing of all keys and certificates on a certified cryptographic module.

For more information, see the PingFederate documentation.