Identity federation standards identify two operational roles in an SSO transaction: the identity provider (IdP) and the service provider (SP).
An IdP might be an enterprise that manages accounts for a large number of users who need secure access to the web-based applications or services of customers, suppliers, and business partners. An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.
Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP. The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.
A single instance of PingFederate provides complete support for both roles even when a single organization's business processes encompass both SP and IdP use cases.