Overview
PingFederate is an enterprise federation server that enables user authentication and single sign-on. It serves as a global authentication authority, allowing customers, employees, and partners to access the applications they need from any device securely.
Grip uses two methods to retrieve activity from PingFederate:
Administrative API Access – The PingFederate administrative API, used to retrieve metadata of the SSOs defined in the console.
Audit Logs – The PingFederate audit log files, used to analyze the users’ activity.
In this document, we will generate a token for API Access and extract the relevant files from the Audit Logs.
Administrative API Access
To allow Grip read-only access to PingFederate, we must first set up the integration in the PingFederate interface.
In PingFederate, navigate to the System tab.
Choose Administrative Accounts.
To create a new user for Grip, click Create User.
Click Next and then click Generate One-Time Password.
Save this password for later. We will need to reset it.
Click Next, and then click Save on the next page.
Return to the Administrative Accounts page and change GripUser to the Auditor type. This means that the user is read-only and will not have permission to change anything in the interface or via the administrative API.
Click Save.
To make the user active, log in with this user once. Then, log out of the interface and log in with this user and the password we saved in the previous step.
Reset the password and click Save.
Grip Security now has read-only access to your PingFederate.
What's Next?
Save the new password and transfer it securely to the Grip team.
Audit Logs
Grip uses the audit log files to analyze users’ activity.
Grip needs the following files to get started:
audit.log – The log kept for security-audit and regulatory compliance purposes.
log4j2.xml – The configuration file that defines the pattern of the log files.
The log files are in the following path:
<pf_install>/pingfederate/log
The logs configuration file is in the following path:
<pf_install>/pingfederate/server/default/conf/log4j2.xml
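Both files are needed because the pattern in log4j2.xml decides which fields appear in audit.log and in what order. The following is an added example, not Grip's or PingFederate's own code: it reads the field order from the pattern and uses it to parse audit lines. The XML fragment, appender name, file path, pipe-delimited pattern and log lines are constructed samples, and the script assumes the pattern sits in a pattern element rather than an attribute.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not copied from a real installation: a minimal log4j2.xml
# fragment with one appender that writes audit.log using a pipe-delimited pattern.
SAMPLE_LOG4J2 = """<Configuration>
  <Appenders>
    <RollingFile name="ExampleAudit" fileName="/opt/example/log/audit.log">
      <PatternLayout>
        <pattern>%d| %X{trackingid}| %X{event}| %X{subject}| %X{ip}| %X{app}| %X{status}%n</pattern>
      </PatternLayout>
    </RollingFile>
  </Appenders>
</Configuration>"""

# Constructed sample audit.log content matching the pattern above;
# the last line is deliberately truncated.
SAMPLE_AUDIT = """2024-01-15 09:12:03,114| tid:abc123| SSO| alice@example.com| 203.0.113.7| https://app.example.com| success
2024-01-15 09:13:40,902| tid:def456| SSO| bob@example.com| 203.0.113.9| https://crm.example.com| failure
truncated line| tid:zzz
"""

def audit_fields(log4j2_xml, log_name="audit.log"):
    """Return the ordered field names of the appender that writes log_name."""
    root = ET.fromstring(log4j2_xml)
    for appender in root.iter():
        if appender.get("fileName", "").endswith(log_name):
            pattern = appender.findtext(".//pattern") or ""
            fields = []
            for part in pattern.split("|"):
                mdc = re.search(r"%X\{(\w+)\}", part)  # %X{name} is a context field
                fields.append(mdc.group(1) if mdc
                              else "timestamp" if "%d" in part else "unknown")
            return fields
    raise ValueError(f"no appender writes {log_name}")

def parse_audit(log_text, fields):
    """Map each line's values to fields; count lines that do not fit the pattern."""
    records, skipped = [], 0
    for line in log_text.splitlines():
        values = [v.strip() for v in line.split("|")]
        if len(values) != len(fields):
            skipped += 1  # truncated or written under a different pattern
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped
```

A non-zero skipped count on real data usually means the log4j2.xml in hand does not match the pattern that was active when the log was written.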