---
title: Configuring an OpenToken SP Adapter instance
description: Configure the OpenToken Adapter to determine how PingFederate communicates with your service provider application.
component: microsoft-iis
page_id: microsoft-iis:setup:pf_iis_ik_configuring_an_opentoken_sp_adapter_instance
canonical_url: https://docs.pingidentity.com/integrations/microsoft-iis/setup/pf_iis_ik_configuring_an_opentoken_sp_adapter_instance.html
revdate: July 2, 2025
section_ids:
  steps: Steps
---

# Configuring an OpenToken SP Adapter instance

Configure the OpenToken Adapter to determine how PingFederate communicates with your service provider application.

## Steps

1. In the PingFederate admin console, go to **Authentication > Integration > IdP Adapters**. Click **Create new Instance**.

2. On the **Type** tab, set the basic adapter instance attributes.

   1. In the **Instance Name** field, enter a name for the adapter instance.

   2. In the **Instance ID** field, enter a unique identifier for the adapter instance.

   3. In the **Type** list, select **OpenToken Adapter**. Click **Next**.

3. On the **Instance Configuration** tab, configure the adapter instance by referring to [Configuring an OpenToken SP Adapter instance](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_config_opentoken_sp_adapt_instance.html) in the PingFederate documentation. Click **Next**.

   |   |                                                                                                                                                                                               |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | If you use IIS to protect multiple sites on the same domain, in the OpenToken Adapter instance configuration, select **None** for SameSite Cookie, and select the **Secure Cookie** checkbox. |

4. Export the configuration file:

   1. On the **Actions** tab, click **Download**, then **Export**.

   2. Save the `agent-config.txt` file. Click **Next**.

5. On the **Extended Contract** tab, add any attributes you expect to retrieve other than the SAML subject. Click **Next**.

6. On the **Target App Info** tab, enter the basic information about your SP application. Click **Next**.

7. On the **Summary** tab, check and save your configuration. Click **Save**.

8. Create or update an identity provider (IdP) connection to use the OpenToken Adapter instance as shown in [Service provider SSO configuration](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_servic_provid_sso_config.html) in the PingFederate documentation.