---
title: Creating a web application
description: A web application is a browser-based application with a server-side component, such as .NET web apps, JSP/Java, Node.js, or Ruby on Rails.
component: pingone
page_id: pingone:applications:p1_mfa_creating_a_web_application
canonical_url: https://docs.pingidentity.com/pingone/applications/p1_mfa_creating_a_web_application.html
revdate: September 5, 2024
page_aliases: ["operational_status:p1_mfa_creating_a_web_application.adoc", "operational_status:p1_mfa_creating_a_web_application_console.adoc"]
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  example: Example:
  result-2: Result:
---

# Creating a web application

A web application is a browser-based application with a server-side component, such as .NET web apps, JSP/Java, Node.js, or Ruby on Rails.

## About this task

Web applications typically have functions similar to desktop applications. Web applications can use Security Assertion Markup Language (SAML) *(tooltip: \<div class="paragraph">
\<p>A standard, XML-based, message-exchange framework enabling the secure transmittal of authentication tokens and other user attributes across domains.\</p>
\</div>)* or OpenID Connect (OIDC) *(tooltip: \<div class="paragraph">
\<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
\</div>)* for authentication.

A web application includes the following configuration:

|                        |                                                                                                                                    |
| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| **Create App Profile** | The application name and description.                                                                                              |
| **Configure**          | The application's redirect URL.                                                                                                    |
| **Grant Access**       | To your application (for your customers to trigger authentication requests).                                                       |
| **Attribute Mapping**  | Map your PingOne user-defined attributes to the corresponding application attributes for accessibility between users and your app. |

Every user authentication event occurs in the context of a SAML or OIDC application. When you invoke multi-factor authentication (MFA) *(tooltip: \<div class="paragraph">
\<p>An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\</p>
\</div>)* through an OIDC request, you must provide a client ID, which is the ID of your web application.

A worker app is used to make backend calls. In contrast, a web app (or native app or single page app) is required for invoking an authentication flow.

## Steps

1. In the PingOne admin console, go to **Applications > Applications**.

2. Click **[icon: plus, set=fa]**.

   ### Result:

   The **Add Application** panel opens.

3. Enter an appropriate **Application Name** and a **Description**.

   ### Example:

   For example, the application name `Getting Started Web OIDC App`.

4. In **Choose Application Type**, click **OIDC Web App**.

5. Click **Save**.

   ### Result:

   The details panel opens. Applications are granted OAuth scopes so that they can access PingOne platform resources.

6. To configure the application URL, click the **Configuration** tab, then click the **Pencil** icon.

7. In the **Redirect URIs** field, enter your application's redirect URL (for example, `https://example.com`).

8. Click **Save**.

9. To grant access to your application, click the **Access** tab and click the **Pencil** icon.

10. Click **[icon: plus, set=fa]**to select the groups.

11. Click **Save**.

12. Click the **Resources** tab, and click the **Pencil** icon.

13. Enter `profile` in the **Search Scopes** field.

    |   |                                                                                                                                  |
    | - | -------------------------------------------------------------------------------------------------------------------------------- |
    |   | This filters the list of resource types so that only the Open ID **profile** scope remains visible in the scopes selection list. |

14. On the **Profile Scope**, click the **[icon: plus, set=fa]**icon or drag it out to the **Allowed Scopes**.

15. Click **Save**.

16. To map your PingOne user-defined attributes to your corresponding application attributes, click the **Attribute Mappings** tab, and click the **Pencil** icon.

17. Click **[icon: plus, set=fa]Add** and fill in the **Attributes** and corresponding **PingOne Mappings** fields.

18. Click **Save**.

19. At the top right of the web application's profile, click the toggle to enable it.

    |   |                                                                                                                                       |
    | - | ------------------------------------------------------------------------------------------------------------------------------------- |
    |   | You can find more information and additional configuration options in [Adding an application](p1_applications_add_applications.html). |