---
title: Before you begin
description: Outlines the prerequisites and server configuration steps required before starting the Android OIDC sign-on module tutorial for PingFederate.
component: orchsdks
page_id: orchsdks:oidc:try-it-out/android/pingfed/00_before-you-begin
canonical_url: https://developer.pingidentity.com/orchsdks/oidc/try-it-out/android/pingfed/00_before-you-begin.html
revdate: Thu, 2 Apr 2026 11:33:37 +0100
keywords: ["OAuth 2.0", "OpenID Connect", "Tutorial", "Source Code", "Integration", "SDK", "Android", "PingFederate", "prerequisites"]
section_ids:
  prerequisites: Prerequisites
  server_configuration: Server configuration
---

# Before you begin

[icon: circle-check, set=far]PingFederate [icon: android, set=fab]Android

* **Prepare**

* [Download](01_download-sample-repo.html)

* [Configure](02_configuring-sample-for-pingfed.html)

* [Run](03_running-sample-pingfed.html)

To successfully complete this tutorial refer to the prerequisites and compatibility requirements in this section.

The tutorial also requires a configured PingFederate server.

## Prerequisites

* Android Studio

  Download and install [Android Studio](https://developer.android.com/studio), which is available for many popular operating systems.

* An Android emulator or physical device

  To try the quick start application as you develop it, you need an Android device. To add a virtual, emulated Android device to Android Studio, refer to [Create and manage virtual devices](https://developer.android.com/studio/run/managing-avds), on the **Android Developers** website.

## Server configuration

This tutorial requires you to configure your PingFederate server as follows:

> **Collapse: Task 1. Register a public OAuth 2.0 client**
>
> OAuth 2.0 client application profiles define how applications connect to PingFederate and obtain OAuth 2.0 tokens.
>
> To allow the Orchestration SDKs to connect to PingFederate and obtain OAuth 2.0 tokens, you must register an OAuth 2.0 client application:
>
> 1. Log in to the PingFederate administration console as an administrator.
>
> 2. Navigate to **Applications** [icon: angle-right, set=fa] **OAuth** [icon: angle-right, set=fa] **Clients**.
>
> 3. Click **Add Client**.
>
>    PingFederate displays the **Clients | Client** page.
>
> 4. In **Client ID** and **Name**, enter a name for the profile, for example `sdkPublicClient`
>
>    Make a note of the **Client ID** value, you will need it when you configure the sample code.
>
> 5. In **Client Authentication**, select `None`.
>
> 6. In **Redirect URIs**, add the following:
>
>    `com.example.demo://oauth2redirect`
>
>    |   |                                                                                                                                                                                                                                                                                   |
>    | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
>    |   | Also add any other URLs where you host SDK applications.Failure to add redirect URLs that exactly match your client app's values can cause PingFederate to display an error message such as `Redirect URI mismatch` when attempting to end a session by redirecting from the SDK. |
>
> 7. In **Allowed Grant Types**, select the following values:
>
>    `Authorization Code`
>
>    `Refresh Token`
>
> 8. In the **OpenID Connect** section:
>
>    1. In **Logout Mode**, select **Ping Front-Channel**
>
>    2. In **Front-Channel Logout URIs**, add the following:
>
>       `com.example.demo://oauth2redirect`
>
>       |   |                                                                                                                                                                                                                                                                                                                       |
>       | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
>       |   | Also add any other URLs that redirect users to PingFederate to end their session.Failure to add sign off URLs that exactly match your client app's values can cause PingFederate to display an error message such as `invalid post logout redirect URI` when attempting to end a session by redirecting from the SDK. |
>
>    3. In **Post-Logout Redirect URIs**, add the following:
>
>       `com.example.demo://oauth2redirect`
>
> 9. Click Save.
>
>    |   |                                                                                                                                                                                                                                                                                                  |
>    | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
>    |   | After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.In the PingFederate administration console, navigate to **System > Server > Cluster Management**, and click **Replicate**. |
>
>    The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the Orchestration SDK PingFederate example applications and tutorials covered by this documentation.

> **Collapse: Task 2. Configure CORS**
>
> [Cross-origin resource sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) lets user agents make cross-domain server requests. In PingFederate, you can configure CORS to allow browsers or apps from trusted domains to access protected resources.
>
> To configure CORS in PingFederate follow these steps:
>
> 1. Log in to the PingFederate administration console as an administrator.
>
> 2. Navigate to **System** [icon: angle-right, set=fa] **OAuth Settings** [icon: angle-right, set=fa] **Authorization Server Settings**.
>
> 3. In the **Cross-Origin Resource Sharing Settings** section, in the **Allowed Origin** field, enter any DNS aliases you use for your SDK apps.
>
>    This documentation assumes the following configuration:
>
>    | Property         | Values                              |
>    | ---------------- | ----------------------------------- |
>    | `Allowed Origin` | `com.example.demo://oauth2redirect` |
>
> 4. Click **Save**.
>
>    |   |                                                                                                                                                                                                                                                                                                  |
>    | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
>    |   | After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.In the PingFederate administration console, navigate to **System > Server > Cluster Management**, and click **Replicate**. |
>
>    Your PingFederate server is now able to accept connections from origins hosting apps built with the Orchestration SDKs.