If you are not using a connection template (which pre-configures browser-based SSO), indicate on the Connection Type screen whether the connection to this partner is for Browser SSO, WS-Trust STS, outbound provisioning, or any combination of them.
Tip:

You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.

Note:

If your partner's deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Each connection must use a unique (partner) connection ID.

  • To configure a connection for secure browser-based SSO, select the Browser SSO Profiles check box.

    If you have selected multiple protocols on the System > Protocol Settings > Roles & Protocols screen and you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.

    For a WS-Federation connection, select the desired token type: SAML 1.1, SAML 2.0, or JWT (JSON Web Token).

    Tip:

    If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.

    Tip:

    PingFederate can encrypt the subject and attributes of SAML 2.0 assertions. For information about configuring encryption policies on a PingFederate IdP, see Configuring XML encryption policy (SAML 2.0). For information about configuring encryption policies on a PingFederate SP, see Specifying XML encryption policy (for SAML 2.0).

  • To configure an STS connection, select the WS-Trust STS check box.

    The WS-Trust STS option is only available after you enable the WS-Trust role on the System > Protocol Settings > Roles & Protocols screen.

  • To configure a connection for outbound provisioning, select the Outbound Provisioning option and then select the provisioning type from the list.

    The Outbound Provisioning option is only available after you enable the Outbound Provisioning protocol on the System > Protocol Settings > Roles & Protocols screen.

  • If your PingFederate license manages connections by groups, select a license group for this connection.

    This option is not shown for unrestricted or other types of licenses.