Token generators provide a mechanism through which PingFederate can generate a local token based upon an incoming SAML token, including mapping user attributes to be included in the generated token. A configured and deployed token generator in PingFederate is known as a token generator instance.

As needed, you can map one or more token generator instances into an IdP connection to satisfy different token requirements by the web services at your site. (The same token generator instances may also be mapped in multiple connections.)

When token generator instances are restricted to certain virtual server IDs, the allowed IDs are displayed under Virtual Server IDs.

  • To map a token generator instance, click Map New Token Generator Instance.
  • To edit the mapping configuration of a token generator instance, open it by clicking on its name, select the setting that you want to reconfigure, and complete the change.
  • To remove a token generator instance or cancel the removal request, click Delete (followed by Save) or Undelete.
  • If you are creating a new connection and you are finished with mapping configuration, click Done.
  • If you are editing an existing configuration and want to keep your changes, click Save.