---
title: Creating a single sign-on connection
description: To allow PingFederate to handle single sign-on (SSO) authentication for WebSphere, create a service provider (SP) connection.
component: websphere
page_id: websphere:setup:gnc1590516299053
canonical_url: https://docs.pingidentity.com/integrations/websphere/setup/gnc1590516299053.html
revdate: July 5, 2024
section_ids:
  steps: Steps
---

# Creating a single sign-on connection

To allow PingFederate to handle single sign-on (SSO) authentication for WebSphere, create a service provider (SP) connection.

## Steps

1. Sign on to the PingFederate administrator console.

2. On the **Identity Provider** tab, in the **SP Connections** area, create a new connection.

   1. Click **Create new**.

   2. If you see the **Connection Template** tab, select **Do not use a template for this connection**. Click **Next**.

3. On the **Connection Type** tab, select only **Browser SSO Profiles**. Click **Next**.

4. On the **Connection Options** tab, select only **Browser SSO**. Click **Next**.

5. On the **Import Metadata** tab, select **File**. Click **Choose File**, select the `sp-metadata.xml` file that you saved in [Configuring single sign-on in WebSphere](pf_websphere_integration_configuring_single_sign_on_in_websphere.html), and then click **Open**. Click **Next**.

6. On the **General Info** tab, the basic connection information is populated by the metadata XML file. Click **Next**.

7. On the **Browser SSO** tab, configure browser SSO.

   For a complete guide, see [Configure IdP Browser SSO](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_spbrowserssostate.html) in the PingFederate documentation.

   1. On the **Browser SSO > SAML Profiles** tab, select only **IdP-Initiated SSO**.

8. On the **Credentials** tab, configure the connection credentials. Click **Next**.

   For a complete guide, see [Configuring credentials](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_credentialsstate.html) in the PingFederate documentation.

   * On the **Credentials > Digital Signature Settings** tab, select the **Include the certificate in the signature \<KeyInfo> element** check box.

9. On the **Activation and Summary** tab, above the **Summary** section, turn on the connection.

10. Note the **SSO Application Endpoint** URL. You can use this to enable SP-initiated single sign-on in [Configuring single sign-on in WebSphere](pf_websphere_integration_configuring_single_sign_on_in_websphere.html). Click **Save**.