How can PingIdentity be used for the purpose of using tokens between servers instead of passing around userIDs and passwords with ACF2?

In order to use an advanced authenticator (PingIdentity) ensure that the authenticator can use RADIUS. If the advanced authenticator uses RADIUS, then install Broadcom's Advanced Authentication Mainframe (AAM) which is licensed for users of ACF2. Configure the RADIUS server to accept requests from the z/OS system that AAM is running on. Ensure the z/OS system can communicate with the RADIUS server. ACF2 will be a client of the RADIUS server which will contact PingIdentity for authentication.

Documentation on Installing AAM

Documentation on how to Configure RADIUS Authentication for ACF2