---
title: Configuring an OAuth assertion grant IdP connection
description: An OAuth assertion grant connection exchanges a SAML assertion or a JSON web token (JWT) for an OAuth access token with the PingFederate OAuth authorization server.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_idpconnectionconfigtasklet_oauthsamlgrantattributemappingstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_idpconnectionconfigtasklet_oauthsamlgrantattributemappingstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Configuring an OAuth assertion grant IdP connection

An OAuth assertion grant connection exchanges a SAML assertion or a JSON web token (JWT) for an OAuth access token with the PingFederate OAuth authorization server.

## About this task

You can configure an OAuth assertion grant connection with an identity provider (IdP) partner either in conjunction with browser-based single sign-on (SSO), WS-Trust, or independently.

For more information, see [Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://tools.ietf.org/html/rfc7522) and [JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://tools.ietf.org/html/rfc7523).

## Steps

1. Go to **Authentication > Integration > IdP Connections** and then click **Create Connection**.

2. On the **Connection Type** tab, select the **OAuth Assertion Grant** checkbox.

   |   |                                                                                                                                                                                                                                   |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You can also select other options, such as the **Browser SSO Profiles** checkbox. If you do, you will be prompted to complete the required configuration. This topic only focuses on the **OAuth Assertion Grant** configuration. |

3. On the **General Info** tab, enter the required information.

4. On the **OAuth Assertion Grant Attribute Mapping** tab, click **Configure OAuth Assertion Grant Attribute Mapping**.