Choosing IdP connection options - PingFederate

Choosing IdP connection options - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Configuration User task Single Sign-on (SSO) Capability Administrator Audience Product documentation Content Type Software Deployment Method

On the Connection Options screen (shown only for browser-based SSO connections), you can enable browser-based SSO in conjunction with JIT provisioning. Additionally, you may also choose to map user attributes for persistent grants used by the optional PingFederate OAuth authorization server.

For SAML 2.0, you also have the option of configuring the Attribute Query profile, with or without the browser-based SSO.

To create a connection for browser-based SSO, select the Browser SSO check box.
To enable JIT provisioning, OAuth attribute mapping, or both for this connection, make that selections (after selecting the Browser SSO check box).

Note that the OAuth Attribute Mapping option is only available when the OAuth 2.0 authorization server (AS) role is enabled on the System > Protocol Settings > Roles & Protocols screen.
To create a connection to facilitate the SAML 2.0 Attribute Query profile, select the Attribute Query check box (see Attribute Query and XASP).