In an SP role, you use the PingFederate administrative console to configure local application-integration information and to manage connections to your IdP-partner sites. Prior to configuring connections to IdPs, you must establish your site as an SP on the System > Protocol Settings > Roles & Protocols screen.

Note that only one connection is needed per partner, even if you are integrating more than one web application.

While your entity ID is defined on the System > Protocol Settings > Federation Info screen, you may identify your organization differently through the use of virtual server IDs on a per-connection basis (see Multiple virtual server IDs).

Additionally, you may deploy an SP connection to bridge a service provider to one or more identity providers through one or more authentication policy contracts (see Federation hub use cases and Federation hub and authentication policy contracts for more information).

This topic applies to configuration settings needed for browser-based SSO. While there is some cross-over information also applicable to WS-Trust STS, if you are using PingFederate exclusively as an STS, start with WS-Trust STS configuration.