--- title: SP connection management description: As an identity provider (IdP), you manage connection settings to support the exchange of federation-protocol messages such as SAML, WS-Federation, or WS-Trust with a service provider (SP) or security token service (STS) client application at your site. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:pf_sp_connect_management canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_sp_connect_management.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: May 6, 2024 section_ids: administrative-interface: Administrative interface --- # SP connection management As an identity provider (IdP), you manage connection settings to support the exchange of federation-protocol messages such as SAML, WS-Federation, or WS-Trust with a service provider (SP) or security token service (STS) client application at your site. The settings your IdP manages include: * User attributes that you expect to send in a single sign-on (SSO) token, including SAML assertions, WS-Trust STS SAML tokens, or WS-Federation JSON Web Tokens (JWT). * User attributes that are sent using the SAML Attribute Query profile, if that profile is used. For more information, see [Configuring the Attribute Query profile in an SP connection](help_spconnectionconfigtasklet_attributerequesterstate.html). * The protocol, profiles, and bindings of the connection, including detailed security specifications such as the use of back-channel authentication, digital signatures, signature verification, and XML encryption To establish a connection, you and your partner must decide this information in advance. For more information, see [Federation planning checklist](../introduction_to_pingfederate/pf_fed_plan_checklist.html). If your agreement includes sending assertions containing attribute values from local datastores, you must define the required datastores. For more information, see [Managing datastores](pf_managing_datastores.html). | | | | - | ---------------------------------------------------------------------------------------------------------------------------------- | | | If you delete a provisioning connection, the users are not deleted from the SP. They are simply no longer managed by PingFederate. | ## Administrative interface Manage connection settings using the **SP Affiliations** window, accessed from **System > Protocol Metadata**, which organizes the settings into a series of primary tasks. Some primary tasks have one or more levels of sub task. Each primary or sub task has its own tab for managing one or more settings. You can move to a sibling task using the **Next** or **Previous** button. If you are on a sub task, you can also move to its parent task using the **Done** button. When creating a new connection, you can save your progress using the **Save Draft** button. Not all windows offer this option. When you reach the **Activation & Summary** tab, you must click **Save** to complete the new connection. When editing an existing connection, make changes and then click **Save** to commit your changes. You are not required to step through all window to reach the **Activation & Summary** window before you can save your changes. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The **Save** button is available on most tabs. If a window does not show a **Save** button, click **Next** or **Done** until you reach a window where you can use its **Save** button to commit your changes. |