In an IdP role, you use the PingFederate administrative console to configure local application-integration information and to manage connections to your SP-partner sites. Prior to configuring connections to SPs, you must establish your site as an IdP on the System > Protocol Settings > Roles & Protocols screen.

Note that only one connection is needed per partner, even if you are targeting more than one web application at the destination SP site.

While your entity ID is defined on the System > Protocol Settings > Federation Info screen, you may identify your organization differently through the use of virtual server IDs on a per-connection basis (see Multiple virtual server IDs).

Additionally, you may deploy an SP connection to bridge a service provider to one or more identity providers through one or more authentication policy contracts (see Federation hub use cases).


This topic applies to configuration settings needed for browser-based SSO. While there is some cross-over information also applicable to WS-Trust STS, if you are using PingFederate exclusively as an STS, start with WS-Trust STS configuration.