--- title: Key concepts description: This section provides background information and preparation to help administrators understand and use PingFederate. component: pingfederate version: 13.1 page_id: pingfederate:introduction_to_pingfederate:pf_key_conc canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_key_conc.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: connection-types: Connection Types ws-trust-sts: WS-Trust STS oauth: OAuth sso-integration-kits-and-adapters: SSO integration kits and adapters security-infrastructure: Security infrastructure hierarchical-plugin-configuration: Hierarchical plugin configuration identity-mapping: Identity mapping user-attributes: User attributes user-provisioning: User provisioning customer-identity-and-access-management: Customer identity and access management federation-hub-use-cases: Federation hub use cases federation-planning: Federation planning --- # Key concepts This section provides background information and preparation to help administrators understand and use PingFederate. ## Connection Types PingFederate features an integrated administrative console for configuring connections to identity-federation partners. The four connection types include: * Browser-based single sign-on (SSO) – Called Browser SSO in the administrative console, this term refers to standards-based secure SSO, which generally depends on a user's browser to transport identity assertions and other messaging between partner endpoints. For more information, see [Supported standards](pf_supported_standards.html). * WS-Trust security token service (STS) – Employs the PingFederate STS, which enables web service clients (WSCs) and web service providers (WSPs) to extend SSO to identity-enabled web services at provider sites. For more information, see the [WS-Trust STS](pf_wstrust_sts.html). These standards, including WS-Trust, do not rely on the user's browser for message transport. * OAuth Assertion Grant – Exchanges a SAML assertion or a JSON Web Token for an OAuth access token with the PingFederate authorization server (AS). For more information, see [About OAuth](pf_about_oauth.html). * Provisioning – Provides automated cross-domain inbound and outbound user management. For more information, see [User provisioning](pf_user_provis.html). You can configure the types of connections together for the same partner or independently. ## WS-Trust STS PingFederate WS-Trust STS allows organizations to extend SSO identity management (IdM) to web services. For more information see, [About WS-Trust STS](pf_wstrust_sts.html). ## OAuth You can configure PingFederate to act as an OAuth authorization server (AS), allowing a resource owner to grant authorization to an OAuth client requesting access to resources hosted by a resource server (RS). For more information, see [About OAuth](pf_about_oauth.html). ## SSO integration kits and adapters PingFederate provides bundled and separate integration kits that include adapters that plug into the PingFederate server and agent toolkits that interface with local IdM systems or applications as needed. For more information, see [SSO integration kits and adapters](pf_bundled_adapt_auth.html). ## Security infrastructure PingFederate security infrastructure supports encrypted messaging, certificates, and digital signing. For more information, see [Security infrastructure](pf_sec_infras.html). ## Hierarchical plugin configuration PingFederate allows you to use a configuration of an adapter, as well as certain other PingFederate plugins, as a parent instance from which you can create child instances. For more information, see [Hierarchical plugin configurations](pf_hierach_plugin_config.html). ## Identity mapping PingFederate enables identity mapping between domains for browser-based SSO and WS-Trust STS. For more information, see [Identity mapping](pf_ident_mapp.html). ## User attributes Federation transactions require the transmission of a unique piece of information that identifies the user for identity mapping between security domains. For more information, see [User attributes](pf_user_attrib.html). ## User provisioning PingFederate provides cross-domain user provisioning and account management. For more information, see [User provisioning](pf_user_provis.html). ## Customer identity and access management PingFederate empowers administrators to deliver a secure and easy-to-use customer authentication, registration, and profile management solution. For more information, see [Customer identity and access management](pf_cust_ident_and_access_manage.html). ## Federation hub use cases As a federation hub, PingFederate can bridge browser-based SSO between IdPs and SPs. For more information, see [Federation hub use cases](pf_fed_hub_use_case.html). ## Federation planning An essential first step in establishing an identity federation involves discussions and agreements between you and your connection partners. For more information, see the [Federation planning checklist](pf_fed_plan_checklist.html).