--- title: Creating a web application description: Create a web application that uses a SAML connection in PingOne. component: pingone page_id: pingone:pingone_tutorials:p1_tutorial_config_mfa_experience_create_web_app canonical_url: https://docs.pingidentity.com/pingone/pingone_tutorials/p1_tutorial_config_mfa_experience_create_web_app.html revdate: November 13, 2023 section_ids: steps: Steps limiting-access-to-the-application: Limiting access to the application steps-2: Steps assigning-the-multi_factor-authentication-policy-to-the-application: Assigning the Multi_Factor authentication policy to the application steps-3: Steps optional-configuring-pingid-policy: "Optional: Configuring PingID policy" steps-4: Steps next-steps: Next steps --- # Creating a web application Now that we've added our environment, and created new users and a group, we'll create a web application that uses a SAML connection. ## Steps 1. In the PingOne admin console, go to **Applications > Applications**. 2. Click the **[icon: plus, set=fa]**icon. ![Screen capture of the Applications page showing the Add Application icon](_images/pai1676405241170.png) 3. In the **Add Application** panel, enter an **Application Name**. You can also enter a **Description** (optional). | | | | - | ------------------------------------------------------------------------------------------------------- | | | Add an icon for your application so that it's easy to identify in the **External Applications** portal. | ![A screen capture of the application details panel](_images/tlt1676405435151.png) 4. Click **SAML Application** and then click **Configure**. 5. For SAML Configuration, select **Manually Enter**. 6. Enter the following: * **ACS URLs**: `https://decoder.pingidentity.cloud/saml` * **Entity ID**: `pingidsamldecoder` 7. Click **Save**. 8. At the top of the panel, click the toggle to enable the application. ![A screen capture of the application details panel showing the enable toggle switch](_images/cye1676406015343.png) ## Limiting access to the application We'll now limit access to the application to the Sales group. ### Steps 1. Go to **Applications > Applications**. Locate your application and click the application entry to open the details panel. 2. Click the **Access** tab and then click the pencil icon. 3. Under **Groups**, select the check box for the **Sales** group. ![Screen capture of the web application open in edit mode to the Access tab with the Sales group selected](_images/krj1676406476320.png) 4. Click **Save**. ## Assigning the Multi\_Factor authentication policy to the application We'll now assign the Multi-factor authentication policy to your web application. The application should still be open for edit. ### Steps 1. Go to **Applications > Applications**. Locate your application and click the application entry to open the details panel. 2. Click the **Policies** tab and then click the pencil icon. 3. Under **PingOne Policies**, select the check box for the **Multi\_Factor** policy. ![A screen capture showing the Policies tab](_images/hie1676406735039.png) 4. Click **Save**. ## Optional: Configuring PingID policy You can configure the default PingID policy to add additional authentication methods and other policy criteria. Learn more in [Configuring strong authentication methods (MFA)](../strong_authentication_mfa/p1_configuring_strong_authentication_start.html). ### Steps 1. In the PingOne admin console, go to **Authentication > Authentication**. 2. Expand the **Multi\_Factor** policy and click the **Pencil** icon ([icon: pencil, set=fa]) to edit it. 3. In the **PingID Authentication step**, click the link to **Configure now**. 4. Configure the PingID policy and then click **Save**. ### Next steps Continue this demo by [Performing the user simulation](p1_tutorial_config_mfa_experience_perform_user_simulation.html).