On the Connection Options screen (shown only for browser-based SSO connections), you can enable browser-based SSO in conjunction with JIT provisioning. Additionally, you may also choose to map user attributes for persistent grants used by the optional PingFederate OAuth authorization server.

For SAML 2.0, you also have the option of configuring the Attribute Query profile, with or without the browser-based SSO.

  • To create a connection for browser-based SSO, select the Browser SSO check box.
  • To enable JIT provisioning, OAuth attribute mapping, or both for this connection, make that selections (after selecting the Browser SSO check box).

    Note that the OAuth Attribute Mapping option is only available when the OAuth 2.0 authorization server (AS) role is enabled on the System > Protocol Settings > Roles & Protocols screen.

  • To create a connection to facilitate the SAML 2.0 Attribute Query profile, select the Attribute Query check box (see Attribute Query and XASP).