1. Sign on to the AWS SSO Console as the root user for the AWS account.
  2. Go to Settings. In the Identity source section, on the Identity source row, click Change.
  3. On the "Choose where your identities are sourced page, click External identity provider.
  4. In the Service provider metadata section, click Download metadata file. Save the sp-saml-metadata.xml file.
  5. In the Identity provider metadata section, upload the PingFederate metadata file that you exported in Exporting SAML metadata from PingFederate.
  6. Click Next: Review.
  7. In the Review and confirm section, enter ACCEPT. Click Save identity source.
  8. Note your provisioning SCIM URL and access token ID.
    1. On the Settings window, in the Identity source section, on the Provisioning row, click View details.
    2. On the Automatic Provisioning window, note the SCIM endpoint and Access token ID. You will use these in Creating a connection.