Choosing IdP connection options
On the Connection Optionstab, shown only for browser-based single sign-on (SSO) connections, you can enable browser-based SSO in conjunction with Just-in-Time (JIT) provisioning. Additionally, you can also choose to map user attributes for persistent grants used by the optional PingFederate OAuth authorization server.
About this task
For SAML 2.0, you can configure the Attribute Query profile with or without the browser-based SSO.
Steps
-
On the Connection Options tab, make the appropriate selections for your configuration.
Choice Action Create a connection for browser-based SSO.
Select the Browser SSO check box.
Enable JIT provisioning, OAuth attribute mapping, or both.
Select the appropriate check box after selecting the Browser SSO check box.
Create a connection to facilitate the SAML 2.0 Attribute Query profile.
Select the Attribute Query check box. For more information, see Attribute Query and XASP