---
title: Managing IdP connections
description: As a service provider (SP) site, you can manage connection settings to support the exchange of federation-protocol messages, such as OpenID Connect, SAML, WS-Federation, or WS-Trust, with an identity provider (IdP), OAuth client, OpenID Provider (OP), or security token service (STS) client application at your site.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_manag_idp_connect
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_manag_idp_connect.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: May 10, 2023
section_ids:
  administrative-interface: Administrative interface
---

# Managing IdP connections

As a service provider (SP) site, you can manage connection settings to support the exchange of federation-protocol messages, such as OpenID Connect, SAML, WS-Federation, or WS-Trust, with an identity provider (IdP), OAuth client, OpenID Provider (OP), or security token service (STS) client application at your site.

These settings include:

* User attributes that you expect to receive in an SSO token such as a SAML assertion or WS-Trust STS SAML token.

* User attributes the you expect the OP to return in an ID token or through its user information, UserInfo, endpoint on-demand.

* User attributes that may be requested using the SAML Attribute Query profile if that profile is used.

* The protocol, profiles, and bindings of the connection, including detailed security specifications such as the use of back-channel authentication, digital signatures, signature verification, and XML encryption.

To establish a connection, you and your partner must have decided this information in advance. For more information, see [Federation planning checklist](../introduction_to_pingfederate/pf_fed_plan_checklist.html).

As an SP site, you respond to user requests for single sign-on (SSO) and single logout (SLO) by creating or closing user sessions, respectively, in local applications. You integrate these applications with PingFederate by configuring them with SP adapter instances. Furthermore, in preparation for configuring a new SSO connection, you need to know which adapter instance or authentication policy contract to use. For more information, see [Managing target session mappings](help_usersessioncreationtasklet_configadaptermappingstate.html).

No adapter instance or authentication policy contract is required for a connection that uses only the Attribute Query profile. For more information, see [Manage the Attribute Query profile in an IdP connection](help_idpconnectionconfigtasklet_attributeauthoritystate.html).

If you intend to pass attribute values to an adapter instance from a local datastore, you must define the datastore during this configuration. If you have not done so already, see [Managing datastores](pf_managing_datastores.html).

## Administrative interface

You manage connection settings in the **Authentication > Integration > IdP Connections** window, which organizes the settings into a series of primary tasks. Some primary tasks have one or more levels of sub tasks. Each primary or sub task has its own tab, where you manage one or more settings. You can move to a sibling task using the **Next** or **Previous** button. If you are on a sub task, you can also move to its parent task using the **Done** button.

When creating a new connection, you can save your progress using the **Save Draft** button. Note that not all tabs offer this option. When you reach the **Activation & Summary** tab, you must click **Save** to complete the new connection.

When editing an existing connection, you can make changes and then click **Save** to commit your changes. In order words, you are not required to step through all tabs to reach the **Activation & Summary** tab before you can save your changes.

|   |                                                                                                                                                                                                            |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The **Save** button is available on most tabs. If a tab does not show a **Save** button, click **Next** or **Done** until you reach to a tab where you can use the **Save** button to commit your changes. |