Configuration Automation - Ping CLI

Connect PingOne to Ping CLI

The way Ping CLI authenticates to PingOne uses a worker application that has administrator roles assigned.

The following guide provides insight on how to connect a PingOne tenant to Ping CLI.

Requirements

PingOne subscription / trial

To get started using PingOne for Ping CLI, you’ll need an active PingOne cloud subscription. Get instant access with a PingOne trial account, or read more about Ping Identity at pingidentity.com

Configure PingOne for Ping CLI access

The Ping CLI requires the ability to connect to the PingOne Management APIs through the use of a worker application that has administrative roles assigned.

The following steps describe how to create a worker application that Ping CLI can use:

  1. Sign on to your PingOne Administration Console. During the registration for a trial, a link is sent to your provided email address.

  2. Open the Administrators environment. Note that any environment can be used.

  3. Navigate to the Applications link.

    Expand Screenshot
    PingOne Administration Console

  4. Add a new Application with the + icon.

    Expand Screenshot
    PingOne Administration Console

  5. Set a name and an optional description. Make sure Worker is selected as the application type.

    Expand Screenshot
    PingOne Administration Console

  6. Enable the application with the toggle switch.

    Expand Screenshot
    PingOne Administration Console

  7. Click on the Roles tab, and set administrative roles accordingly. Example roles to be able to manage environments and their configurations are shown in the example screenshot. You can find more information about role permissions in the PingOne Cloud Platform online documentation.

    Expand Screenshot
    PingOne Administration Console

  8. Click on the Configuration tab, expand the General section and extract the Client ID, Client Secret and Environment ID values. These values are used to authenticate the provider to your PingOne tenant.

    Expand Screenshot
    PingOne Administration Console

Configure Ping CLI with PingOne authentication details

Run the following Ping CLI commands, replacing the following configuration key values:

  • service.pingone.authentication.worker.clientID with the Client ID value of the worker application

  • service.pingone.authentication.worker.clientSecret with the Client Secret value of the worker application

  • service.pingone.authentication.worker.environmentID with the Environment ID value from your worker application

  • service.pingone.regionCode with the region code is correct for your tenant. See the Configuration Settings Reference for available region code values.

pingcli config set "service.pingone.authentication.type=worker"
pingcli config set "service.pingone.authentication.worker.clientID=942b****-****-****-****-********985c"
pingcli config set "service.pingone.authentication.worker.clientSecret=****"
pingcli config set "service.pingone.authentication.worker.environmentID=1797****-****-****-****-********21d2"
pingcli config set "service.pingone.regionCode=EU"

Optionally, you can configure the PingOne service against a custom configuration profile using the --profile option flag (or the short code flag -P). Learn more in Managing Configuration Profiles.

Ping CLI is now configured with the PingOne service.