On the Roles and Protocols screen, select the roles your organization plays and the sets of standards you will use with your PingFederate server. Depending on the selected roles and protocols, you may be prompted to provide additional information in a subsequent screen. If your use cases require roles or protocols that have not yet been selected, you must return to this screen to make the selections before you can configure those new use cases.
- Go to the screen.
Select your federation roles, and then select the applicable protocols.
Outbound provisioning for SaaS applications requires the use of the SAML 2.0.
If you are using PingFederate as an IdP for provisioning
or have installed a SaaS Connector package, select the Outbound
Provisioning check box.
If such check box is not available, verify that your PingFederate license includes the Outbound Provisioning capability and the outbound provisioning properties are configured in the <pf_install>/pingfederate/bin/run.properties file.Note:
After provisioning is configured for a connection, you cannot clear this check box—you must delete all provisioning configurations first. To suspend provisioning for an SP partner, you can deactivate the specific configuration. Alternatively, you can deactivate the associated SP connection; note, however, that this will also disable SSO/SLO transactions.
- Optional: If you are using PingFederate as an SP for provisioning, select the Inbound Provisioning check box.
If you are using SAML 2.0 XASP as an SP for multiple IdP connections, you may
select the option to determine dynamically which connection to use, based on the
X.509 certificate presented.
After you make this selection and create XASP IdP connections, configure dynamic IdP discovery via the Attribute Requester Mapping link on the Service Provider menu. Once the mapping is configured, you cannot clear the check box on the Roles and Protocols screen unless you first delete the mapping.
For general information about XASP, see Attribute Query and XASP.
Click Next and continue with the rest of the
When editing an existing configuration, you may also click Save as soon as the administrative console offers the opportunity to do so.