1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters. Click Create new Instance.
  2. On the Type tab, set the basic adapter instance attributes.
    1. In the Instance Name field, enter a name for the adapter instance.
    2. In the Instance ID field, enter a unique identifier for the adapter instance.
    3. From the Type list, select . Click Next.
  3. On the Instance Configuration tab, configure the adapter instance by referring to Configuring an OpenToken SP Adapter instance in the PingFederate documentation. Click Next.

    If you use .NET to protect multiple sites on the same domain, in the instance configuration, select None for SameSite Cookie, and select the Secure Cookie check box.

  4. Export the configuration file:
    1. On the Actions tab, click Download, and then click Export.
    2. Save agent-config.txt. Click Next.
  5. On the Extended Contract tab, add any attributes that you expect to retrieve other than the SAML subject. Click Next.
  6. On the Target App Info tab, enter the basic information about your SP application. Click Next.
  7. On the Summary tab, check and save your configuration. Click Save.
  8. Create or update an identity provider (IdP) connection to use the instance as shown in Service provider SSO configuration in the PingFederate documentation.