Service authentication
Service authentication uses the OAuth 2.0 client credentials flow to authenticate as an application rather than a user. No browser or human interaction is required, making it the right choice for automated and unattended environments.
When to use service authentication
Use service authentication when:
-
Ping CLI is running inside a CI/CD pipeline (for example, GitHub Actions, Jenkins, or similar).
-
You are running scheduled or scripted operations where no human operator is present.
-
You are using a service account or a dedicated application client rather than a personal administrator account.
Configuration
Service authentication is configured for each connector when you connect a service to Ping CLI. The relevant setting is service.<connector>.authentication.type, which must be set to client_credentials. Client credentials (client ID and client secret) are also set at this stage.
If you have not yet connected a service, see Connect Ping Identity services first.
No login step required
When client credentials are correctly provided, either through environment variables or a pre-seeded configuration file, Ping CLI authenticates automatically using those credentials whenever it needs to call a service. There is no need to run auth login or auth logout in this flow; those commands are for interactive user authentication and do not apply to service authentication.