---
title: "Configuring Ping"
slug: "configuring-ping"
updated: 2025-03-03T11:28:01Z
published: 2025-03-03T11:28:01Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.plainid.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring Ping

Integrating Ping with PlainID allows organizations to combine Ping’s identity federation with PlainID's powerful PBAC capabilities. This enhances security by ensuring that Authorization decisions are made based on dynamic, context-aware Policies, streamlining user Authentication, and Authorization processes. The integration also simplifies management by centralizing Policy enforcement, reducing the need for hardcoded rules in Applications.

Before continuing, ensure that you have access to PingFederate. For more information on how to install Ping, refer to their Installation documentation.

### Configuring a Ping Data Source

Integrating Ping with the PlainID Authorizer is based on setting up the PlainID Authorizer as an external data source in Ping and defining attributes extracted from the PlainID Authorizer response to be used as claims in token generated by Ping.

Refer to your Ping Administrator and official documentation to learn how to set up a data source and configure it manually in the Ping Admin UI or through APIs.

This setup will include:

- Adding and setting a new Data Source
- Configuring the OAuth Client
- Configuring Access Token Management and Mappings

***Note: The steps below provide high-level guidance only. Consult your Ping Administrator and official documentation for more information.***

#### Adding a Data Source

*Refer to [Ping's Data Source Documentation](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_specify_resourc_path_for_a_rest_api_datastore.html) for more details.*

**To add and set up a data source:**

1. Configure the **data source** to use a REST API for the PlainID Authorizer, providing the Authorizer's URL.
2. Add attributes to the data source that correspond to the Claim Keys you plan on configuring and mapping in the PlainID Token Enrichment Service for your Ping integration:
  - In the **JSON Response Attribute Type Path**, use the format `/{claimName}`, where `claimName` matches a key in the IDP's Token Enrichment JSON response (e.g., `/plainid`).
3. Set the following data source fields:
  - **Authentication Method**: Basic Authentication
  - **HTTP Method**: POST
  - **Username**: Your PlainID Scope **Client ID**
  - **Password**: Your PlainID Scope **Client Secret**
  - **Test Connection URL** (optional, under advanced fields): [http://<BASE_URL>/idp-hook/1.0/ping/test](http://localhost:5001/idp-hook/1.0/ping/test)
4. Click **Next** to save the data source.

#### OAuth Client

*Refer to [Pings OAuth documentation](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_configuring_oauth_clients.html) for more details on how to set up an OAuth Client.* **To configure an OAuth Client Application**:

1. Add a new OAuth Client Application.
2. Enter the Name, Client ID, and generate a Secret in the relevant fields.
3. Select the Client Credentials grant type.
  - The Client ID and Secret are used for Client authentication when configuring the PlainID Token Enrichment Service for the Ping application.

#### Access Token Management & Mappings

Refer to [Ping's Access Token Management article](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_access_token_management.html) for detailed information.

#### **To Create a New Access Token Management Instance:**

1. Enter a **Setup Name** and **ID**.
2. Select **JSON Web Tokens** as the token type.
3. Set the **JWS Algorithm** to **RSA SHA-256**.
4. Use a **Centralized Signing Key**.
5. Click **Next**. The **Access Token Attribute Contract** tab will open.
6. Under **Application OAuth Client**, set **JWT0** as the default Access Token Manager.
7. In the **Extend the Contract** section, add claim keys for Token Enrichment (used in the IDP Token Enrichment Service configuration under `apps.&lt;app&gt;.claims`), and mark it as **Multi-Value**.
8. Click **Add** and proceed through the tabs until the **Summary** tab opens.
9. Click **Save**.

#### **To Add Mappings to Your Access Token Manager:**

1. Add an **Attribute Source**, selecting the data source you configured earlier.
2. Under the **Configure Data Source Filters** tab, set up your filters based on [Ping's Data Source Filter article](https://docs.pingidentity.com/r/en-us/pingfederate-121/pf_specify_resourc_path_for_a_rest_api_datastore).
3. Set the **Resource Path** to the IDP Token Enrichment Service Ping Endpoint: `/idp-hook/1.0/ping/lookup`.
4. In the **Body** field, define the payload for the request to the PlainID IDP Token Enrichment Service.
5. Enter the required parameters, **ObjectID** and **client_id**, in the JSON request body, using your specific values:

```
{
  "ObjectID": "${ds.ldap.uid}",
  "client_id": "${context.ClientId}"
}
```
6. Optionally, use values from your data store with this syntax: `${ds.attr-source-id.attribute}`.
7. Set up **Contract Fulfillments**, selecting the previously defined data source.
8. For **Value**, configure the Claim from the PlainID Authorizer response.
9. Click **Next**, then **Save**.

After completing the setup in Ping you should also define a Ping Application and its configurations in the PlainID Token Enrichment Service configuration. Refer to the [IDP Webhook documentation](/v1/docs/idp-webhook) for more details.

### Additional Information

For more technical details on how to connect this vendor to your IDP Webhook, contact PlainID Support.