You must create and configure user sessions when configuring service provider (SP) browser single sign-on (SSO).
As an SP, you must specify how PingFederate uses information sent from the IdP in SSO tokens to create user sessions for enabling access to protected resources at your site.
If you are a federation hub, bridging an identity provider to one or more service providers, you can associate one or more authentication policy contracts to the IdP connection. For more information, see Federation hub use cases.
The configuration involves choosing an identity-mapping method, establishing an attribute contract as needed, and optionally mapping one or more SP adapter instances, authentication policy contracts, or both.