An IdP might be an enterprise that manages accounts for a large number of users who need secure access to the web-based applications or services of customers, suppliers, and business partners. An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.

Secure single sign-on
Diagram illustrating secure single sign-on between the workforce identity provider and the cloud service provider.

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP. The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.

A single instance of PingFederate provides complete support for both roles even when a single organization's business processes encompass both SP and IdP use cases.