You can manually create service provider (SP) connections in PingFederate using browser single sign-on (SSO), WS-Trust security token service (STS), outbound provisioning, or any combination thereof.
You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.
If your partner's deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Each connection must use a unique (partner) connection ID.
- Go to .
- Click Create Connection.
- Select Do not use a template for this connection.
To configure a connection for secure browser-based SSO, select the Browser SSO Profiles check box.
If you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.
For a WS-Federation connection, select the desired token type, either SAML 1.1, SAML 2.0, or JWT (JSON Web Token).
Tip: If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.
Tip: PingFederate can encrypt the subject and attributes of SAML 2.0 assertions.
For information about configuring encryption policies on a PingFederate identity provider (IdP), see Configuring XML encryption policy (SAML 2.0).
For information about configuring encryption policies on a PingFederate SP, see Specifying XML encryption policy (for SAML 2.0).
Choose one or both of the following depending on your configuration needs.

| Connection Template | Step |
| --- | --- |
| WS-TRUST STS | Select the WS-Trust STS check box. |
| Outbound Provisioning | Select Outbound Provisioning and then select the provisioning type from the list. |

If your PingFederate license manages connections by groups, select a license group for this connection.
This option is not shown for unrestricted or other types of licenses.
- To save your settings, click Next.