On the Connection Optionstab, shown only for browser-based single sign-on (SSO) connections, you can enable browser-based SSO in conjunction with Just-in-Time (JIT) provisioning. Additionally, you can also choose to map user attributes for persistent grants used by the optional PingFederate OAuth authorization server.
For SAML 2.0, you can configure the Attribute Query profile with or without the browser-based SSO.
|Create a connection for browser-based SSO.
|Select the Browser SSO check box.
|Enable JIT provisioning, OAuth attribute mapping, or both.
|Select the appropriate check box after selecting the Browser SSO check box.
|Create a connection to facilitate the SAML 2.0 Attribute Query profile.
|Select the Attribute Query check box. For more information, see Attribute Query and XASP