Getting Started with PingFederate
Use this workflow to guide you in setting up PingFederate.
Prerequisites
- If you do not have a PingFederate license, contact sales@pingidentity.com.
- Make sure your environment meets the system requirements (page 109).
Key terms and concepts
You can find more information on the following terms and concepts in Introduction to PingFederate (page 26) and its subtopics.
- Identity provider (IdP)
  A trusted provider that issues authentication assertions to grant access to other resources.
- Service provider (SP)
  A provider that receives authentication assertions from an IdP and grants or denies resource access.
- WS-Trust Security Token Service (STS)
  A protocol for systems and applications to use when requesting a service to issue, validate, and exchange security tokens.
- OAuth 2.0
  A protocol for securing application access to protected resources by issuing access tokens to clients of Representational State Transfer (REST) APIs and non-REST APIs.
- Browser-based SSO
  Enables users to securely authenticate with multiple applications and websites by logging in only once.
Downloading and installing PingFederate
Steps
- Install PingFederate (page 108).
- Start PingFederate (page 106) and then open the administrative console (page 158).
  The first time you open the administrative console, PingFederate guides you through the setup wizard (page 159).
- Familiarize yourself with the PingFederate administrative console (page 158).
  The PingFederate user interface consists of menus, windows, and tabs.
Additional information
After you finish setting up PingFederate, you can begin the following tasks:
- Create an IdP adapter (page 678).
  An IdP adapter is used to look up session information and provide user identification to PingFederate.
- Create an SP connection (page 411).
  As an IdP, you manage connection settings to support the exchange of federation-protocol messages (SAML, WS-Federation, or WS-Trust) with an SP or STS client application at your site.
- Create an SP adapter (page 667).
  An SP adapter is used to create a local-application session for a user in order for PingFederate to provide SSO access to your applications or other protected resources.
- Create an IdP connection (page 678).
  As a Service Provider, you manage connection settings to support the exchange of federation-protocol messages (OpenID Connect, SAML, WS-Federation, or WS-Trust) with an IdP, OAuth client, OpenID Provider (OP), or STS client application at your site.
- You can download the PingFederate Security Hardening Guide for security-related best practices.
  This requires a Ping Identity account.
- Integrate PingFederate with a supported hardware security module (HSM) (page 168).
  Standards such as the Federal Information Processing Standard (FIPS) 140-2 require the storage and processing of all keys and certificates on a certified cryptographic module.
Learn more in PingFederate documentation.