Prepare for Single Sign-On (SSO) > PingFederate Configuration > Experience Service Client Configuration
  
Experience Service Client Configuration
Complete the following steps to define a client on your PingFederate server for your Experience Service. Default values can be used for any setting not mentioned below.
1. Log in to the PingFederate administration application.
2. Select Applications from the navigation pane.
3. Click OAuth and then Clients. Then, click New Client
4. Specify the following values for the settings, and click Save:
Setting
Value
Notes
CLIENT ID
Set this equal to the <es-client-id> parameter identified in the “SSO Configuration Parameters” section above.
This value is required when installing the Experience Service.
NAME
Choose a descriptive name. For example, “Experience Service”.
This value is displayed to the user when they authenticate to the Experience Service.
CLIENT AUTHENTICATION
Set this equal to the <es-client-secret> parameter identified in the “SSO Configuration Parameters” section above.
This value is required when installing the Experience Service.
REDIRECT URIS
Add the <es-redirect-uri> parameter identified in the “SSO Configuration Parameters” section above to the list of Redirection URIs.
BYPASS AUTHORIZATION APPROVAL
Select the checkbox.
ALLOW GRANT TYPES
Select the following grant types:
Authorization Code
Implicit
Refresh Token
Client Credentials
Access Token Validation (Client is a Resource Server)
DEFAULT ACCESS TOKEN MANAGER
Select the access token manager that was created when configuring PingFederate for ThingWorx.
REQUIRE PROOF KEY FOR CODE EXCHANGE (PKCE)
Leave unchecked.
PERSISTENT GRANTS MAX LIFETIME
We recommend 2 minutes, but this can be set as desired.
REFRESH TOKEN ROLLING POLICY
Set this equal to Roll.
5. Next, configure the Vuforia Studio client.