PingFederate features an integrated administrative console for configuring four kinds of connections to identity-federation partners:

  • Browser-based SSO – Also called Browser SSO in the administrative console, this term is often used to refer to standards-based secure SSO, which generally depends on a user's browser to transport identity assertions and other messaging between partner endpoints (see Supported standards).
  • WS-Trust STS – Employs the PingFederate Security Token Service (STS), which enables Web service clients and providers (WSCs and WSPs) to extend SSO to identity-enabled web services at provider sites, using another set of standards (see the next section, About WS-Trust STS). These standards, including WS-Trust, do not rely on the user's browser for message transport.
  • OAuth Assertion Grant – Exchanges a SAML assertion or a JSON Web Token for an OAuth access token with the PingFederate authorization server (AS) (see About OAuth).
  • Provisioning – Provides automated cross-domain inbound and outbound user management (see User provisioning).

The types of connections can be configured together for the same partner or independently.