Configuring PingOne AIC

The following sections describe the configuration steps required in PingOne AIC. If you are using PingOne PingID, see Configuring PingOne PingID.

Adding a Secrets Variable

To add a Secrets variable, do the following:

  1. Sign in to the PingOne AIC console.
  2. Go to Tenant Settings from your profile on the right side top corner.
  3. Select the Variables tab.
  4. Click Add below var.
  5. Provide a Description, for example “YFPR Service - Client Secret”, and leave the recommended Expires option as-is.
  6. Click Add.
  7. Save the value of the Secret, this will be used later as the FIDO_Connector_Client_Secret parameter.

Creating a Registration Journey

To create a Journey for the credential registration, do the following:

  1. Sign in to the PingOne AIC console.
  2. Create/Import the Registration Journey template provided by Yubico.

Creating an Authentication Journey

To create a Journey for authentication, do the following:

  1. Sign in to the PingOne AIC console.
  2. Create/import the Authentication Journey template provided by Yubico.
  3. Make this the default authentication journey.

Enabling On-behalf of Registration

In this step you will create a client application that will be used by the FIDO Connector to call the previously created Registration Journey, and retrieve the Client ID and Client Secret values.

To create and register the client application, do the following:

  1. Sign in to the PingAIC console.
  2. Go to Applications.
  3. Click + Custom Application.
  4. Create an OIDC Service Application with a confidential secret.
  5. Provide a descriptive Application Name, for example “Yubico FIDO Pre-reg Service”.
  6. Click Save.
  7. After successfully registering the app, go to OAuth2 Clients.
  8. Select the previously created application and go to Sign On.
  9. Save the value of Client ID, this will be used later as the FIDO_Connector_PingOne_AIC_Client_Id parameter in the ARM template.
  10. Save the value of the Client Secret, this will be used later as the FIDO_Connector_PingOne_AIC_Client_Secret in the ARM template.
  11. Configure the following variables, for values see Configuring Environment Variables:
    1. PING_AIC_REALM
    2. PING_AIC_AUTH_BASE_URL
    3. PING_AIC_API_BASE_URL