Choosing roles and protocols - PingFederate Bridge

Choosing roles and protocols - PingFederate Bridge - 10.1

PingFederate Bridge

bundle

pingfederatebridge-101

ft:publication_title

PingFederate Bridge

Product_Version_ce

PingFederate Bridge 10.1

category

Administration

Administrator

Audience

Capability

ContentType

DeploymentMethod

MultifactorauthenticationMFA

Product

Productdocumentation

SingleSignonSSO

Software

Usertask

pfb

pfb-101

ContentType_ce

Product documentation

Page created: 17 Jun 2020 |

Page updated: 5 May 2022

| 2 min read

Product PingFederate Bridge 10.1 Content Type Product documentation Deployment Method Software Audience Administrator Multi-factor authentication (MFA) Capability Single Sign-on (SSO) User task Administration Configuration

On the Roles and Protocols tab, you can select the roles your organization plays and the sets of standards you will use with your PingFederate Bridge server.

Depending on the selected roles and protocols, you might be prompted to provide additional information on a subsequent tab. If your use cases require roles or protocols that have not yet been selected, you must return to this tab to make the selections before you can configure those new use cases.

Go to System > Server to open theProtocol Settings window.
On the Roles & Protocols tab, select your federation roles, then select the applicable protocols.

Note:
Outbound provisioning for software as a service (SaaS) applications requires the use of the SAML 2.0.
Optional: If you are using PingFederate Bridge as an identity provider (IdP) for provisioning or have installed a SaaS connector package, select the Outbound Provisioning check box.

If this check box is not available, verify that your PingFederate Bridge license includes the Outbound Provisioning capability and the outbound provisioning properties are configured in the <pf_install>/pingfederate/bin/run.properties file.

Note:
After provisioning is configured for a connection, you cannot clear this check box. You must delete all provisioning configurations first. To suspend provisioning for an SP partner, you can deactivate the specific configuration. Alternatively, you can deactivate the associated SP connection. However, this will also disable singe sign-on (SSO) and single logout (SLO) transactions.
Optional: If you are using PingFederate Bridge as an SP for provisioning, select the Inbound Provisioning check box.
Optional: If you are using SAML 2.0 X.509 Attribute Sharing Profile (XASP) as an SP for multiple IdP connections, you can select the option to determine dynamically which connection to use, based on the X.509 certificate presented.

Tip:
After you make this selection and create XASP IdP connections, configure dynamic IdP discovery in the Attribute Requester Mapping window, which you access from System > Protocol Metadata. When the mapping is configured, you cannot clear the check box on the Roles and Protocols tab unless you first delete the mapping.
Click Next and continue with the rest of the configuration.

Tip:
When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.