---
title: Configuring SSO token creation
description: As an identity provider (IdP), you must specify how PingFederate obtains user-authentication information and use it to create single sign-on (SSO) tokens appropriate for your service provider (SP) partner, including additional user attributes as needed.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_spbrowserssotasklet_assertioncreationstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_spbrowserssotasklet_assertioncreationstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Configuring SSO token creation

As an identity provider (IdP), you must specify how PingFederate obtains user-authentication information and use it to create single sign-on (SSO) tokens appropriate for your service provider (SP) partner, including additional user attributes as needed.

## About this task

If you are a federation hub bridging a service provider to one or more identity providers, you can associate one or more authentication policy contracts to the SP connection. For more information, see [Federation hub use cases](../introduction_to_pingfederate/pf_fed_hub_use_case.html).

The configuration involves choosing an identity-mapping method, if applicable; establishing an attribute contract, as needed; and mapping one or more IdP adapter instances, authentication policy contracts, or both.

## Steps

1. Go to **Applications > Integration > SP Connections**.

2. Click on the SP connection that you want to configure.

3. Follow the steps to reach the **Browser SSO** tab for your connection. For more information, see [Configure IdP Browser SSO](help_spconnectionconfigtasklet_spbrowserssostate.html).

4. On the **Assertion Creation** tab, click **Configure Assertion Creation**.