--- title: Edit a managed customer connection description: Change the basic information, SAML details, and identity provider (IdP) discovery settings of your existing managed customer connections. component: pingoneforenterprise page_id: pingoneforenterprise:pingone_sso_for_saas_apps:p14saas_edit_managed_customer_connection canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_sso_for_saas_apps/p14saas_edit_managed_customer_connection.html revdate: July 29, 2022 section_ids: about-this-task: About this task steps: Steps choose-from: Choose from: result: Result: --- # Edit a managed customer connection Change the basic information, SAML details, and identity provider (IdP) discovery settings of your existing managed customer connections. ## About this task For information on editing existing invited customer connections, see [Edit an invited customer connection](p14saas_edit_invited_customer_connection.html). Only certain settings are available for editing. These settings depend on whether your application is SAML-enabled, whether the application connection is manually configured, and whether or not the connection is multiplexed. | | | | - | -------------------------------------------------------------------------------------------------------------- | | | The following steps are optional. You only need to change the settings that apply to your customer connection. | ## Steps * To display the list of customer connections for your applications, click the **Customer Connections** tab. * **Optional:** To display the customer connection filtering options, click **Narrow by**. 1. To filter the list of customer connections, select or clear the **Enabled** or **Type** boxes. * For the connection you want to edit, click the **down arrow** to display the drop-down list, and click **Edit**. * To indicate whether this connection is multiplexed, click **Yes** or **No**. * In the **Contact Email** field, enter the email address of the person assigned as the contact for this connection. * In the **IdpId** field, enter the idpid. For more information, see [Finding the `idpId` value](p14saas_finding_idpid_value.html). * In the **Entity ID** field, enter a unique name for the identity bridge. * Upload metadata. ### Choose from: * Click **Select File** to upload a local metadata file. * Click **Or use URL** to enter a metadata URL. * In the **SSO Endpoint** field, enter an identity bridge endpoint URL to which PingOne will send AuthNRequests. * To upload a verification certificate, click **Browse…​**, and select a local signing certificate file to upload. ### Result: If you upload a verification certificate, the details for that certificate display in the **Certificate File Name**, **Certificate Subject DN**, and **Expiration Date** fields. * In the **Single Logout Endpoint** field, enter the endpoint URL to redirect users to when they sign out of an application. * In the **Single Logout Response Endpoint** field, enter a URL for applications to send logout responses to. * For **Single Logout Binding Type**, click either **Redirect** or **Post** to determine how SAML uses HTTP to transport messages. * To enable PingOne to sign outgoing connection requests, select the **Sign the AuthNRequest** box. * From the **Signing Algorithm** list, select the algorithm for PingOne to use when signing outgoing connection requests. * From the **Connection Data** section, you can download the **Signing Certificate**, **PingOne Metadata**, and **Encryption Certificate**. You can also copy and share the **ACS URL** with the customer's IdP. If this connection is not multiplexed, and enabled through PingOne rather than SAML or OIDC, you can select **Use Custom Entity ID** to use the application's custom entity ID rather than the default `saasid`. For more information about configuring a custom entity ID, see [Add or update other applications](p14saas_add_update_other_app.html). * In the **IdP Discovery** section, enter the **Email Domain** to use for IdP discovery. PingOne uses the email domain you specify to discover the IdP and assign it to the customer account. * Enable the **Set as default IdP** box to redirect users who enter an email address that cannot be matched to an IdP during service provider (SP)-initiated single sign-on (SSO). | | | | - | --------------------------------------------------------------------------------------------------------------------------- | | | The **Set as default IdP** setting will not be displayed if you have already enabled this setting for the customer account. | You can enable IdP discovery to associate each connection with an IdP. When you initiate an SSO request (SP-initiated SSO), there is no need to specify the identifier for the IdP. Instead, PingOne resolves the correct IdP by associating email domains with specific managed accounts and their IdP. Then, during a user's initial SSO, the user enters a matching email domain. PingOne prompts the user for their email domain only during their initial SSO. When a user initially attempts to SSO to the application, the user is prompted for their email address. If the domain of the email address matches one of the IdP discovery domains you assigned, PingOne redirects the user to the corresponding IdP for authentication. If the domains do not match and you have not enabled **Set as default IdP**, an error is displayed and the user is prompted again for their email address. When **Set as default IdP** is enabled, the user is redirected to the default IdP to authenticate. - When you are finished making changes, click **Save changes**.