.. config-pingaic.rst

.. _configure-pingaic:

============================
Configuring PingOne AIC
============================

The following sections describe the configuration steps required in PingOne AIC. If you are using *PingOne PingID*, see :ref:`configure-pingone`.

Adding a Secrets Variable
===========================

To add a Secrets variable, do the following:

1. Sign in to the PingOne AIC console.
2. Go to **Tenant Settings** from your profile in the top-right corner.
3. Select the **Variables** tab.
4. Click **Add below var**.
5. Provide a **Description**, for example “YFPR Service - Client Secret”, and leave the recommended **Expires** option as-is.
6. Click **Add**.
7. Save the value of the **Secret**. It is used later as the ``FIDO_Connector_Client_Secret`` parameter.

.. _create-registration-journey:

Creating a Registration Journey
=================================

To create a Journey for the *credential registration*, do the following:

1. Sign in to the PingOne AIC console.
2. Create or import the **Registration Journey** template :ref:`provided by Yubico `.

Creating an Authentication Journey
===================================

To create a Journey for *authentication*, do the following:

1. Sign in to the PingOne AIC console.
2. Create or import the **Authentication Journey** template :ref:`provided by Yubico `.
3. Make this the *default* authentication journey.

.. _enable-onbehalf-aic:

Enabling On-behalf of Registration
====================================

In this step you create the client application that the FIDO Connector uses to call the :ref:`previously created Registration Journey `, and you retrieve its Client ID and Client Secret values.

To create and register the client application, do the following:

1. Sign in to the PingAIC console.
2. Go to **Applications**.
3. Click **+ Custom Application**.
4. Create an **OIDC Service Application** with a confidential secret.
5. Provide a descriptive **Application Name**, for example “Yubico FIDO Pre-reg Service”.
6. Click **Save**.
7. After successfully registering the app, go to **OAuth2 Clients**.
8. Select the previously created application and go to **Sign On**.
9. Save the value of **Client ID**. It is used later as the ``FIDO_Connector_PingOne_AIC_Client_Id`` parameter in the ARM template.
10. Save the value of the **Client Secret**. It is used later as the ``FIDO_Connector_PingOne_AIC_Client_Secret`` parameter in the ARM template.
11. Configure the following variables. For the values, see :ref:`config-container-app`:

    a. ``PING_AIC_REALM``
    b. ``PING_AIC_AUTH_BASE_URL``
    c. ``PING_AIC_API_BASE_URL``