Gateway Management
A PingOne gateway connects resources in a remote security domain (such as an on-premises datacenter or a hosted private cloud) with a PingOne environment. Gateways give you the ability to tie your organization’s on-premises resources into PingOne.
You can create gateway resources in PingOne, and then manage the gateways from PingOne. There are gateway endpoints to return information about the health of the gateway, errors generated by the gateway, and gateway instance runtime metrics.
Once you’ve created the gateway in PingOne, users in the remote directory are created through the gateway as PingOne users the first time they sign on to PingOne.
The following resources are managed through the PingOne Gateway service:
Gateways and gateway instances
To create the communication linkage between PingOne and your remote directory, you need to deploy software in your infrastructure that can communicate with both PingOne and your remote directory. There are two parts to successfully getting the software in place:
- Configuring a gateway in PingOne.
- Running a Docker instance that’s configured for the PingOne gateway in your on-premises or cloud-hosted environment. The running Docker container is known as a gateway instance. For testing purposes, a single gateway instance is sufficient, but for production deployments, multiple gateway instances should be deployed for high availability.
Note: PingOne provides a Docker command accessible through the PingOne admin console that is already primed with a gateway credential and the right Docker image.
See Gateways and Gateway Instances for more information.
Gateway credentials
The gateway instance running within your infrastructure authenticates with PingOne through gateway credentials. Gateway credentials are supplied to a gateway instance at startup. A gateway credential is like a password, so it needs to be protected. For security reasons, PingOne doesn’t store the gateway credentials that you’ve generated, though you can always create new gateway credentials in the PingOne admin console. Multiple gateway instances can use the same gateway credentials. For more information about gateway credentials, see Gateway Credentials.
Gateway role assignments
If you’re using PingFederate, you can manage gateway access to PingOne resources using PingOne’s role-based access control (RBAC) model to assign a role to the gateway. See Gateway Role Assignments for more information.