1. On the Main Menu, click Server Settings.
  2. On the Roles and Protocols screen in the Server Settings configuration, ensure that both the IdP and SP roles are enabled.
    Note: The choice of protocol is not relevant for either role to implement the Salesforce Connector for onsite SSO, but a selection is required to enable a role.
    Note: If updates are needed on the screen, be sure to click Save.
  3. Configure an SP Adapter Instance, if one is not already configured or you want to use a new one.

    Click Adapters under SP Configuration on the Main Menu.

    Use any adapter type, including the OpenToken Adapter bundled with PingFederate (see the PingFederate Administrator’s Manual).

  4. On the Main Menu under System Settings, click IdP-to-SP Adapter Mapping and follow the screen flow to complete this configuration.

    Select the Salesforce IdP Adapter Instance configured earlier as the Source instance and any SP Adapter Instance as the Target.

    For more information, see the PingFederate Administrator’s Manual (or click Help on any screen).

  5. Optional: On the Main Menu under SP Configuration, click Default URLs.
    If the default SSO URL (the top text box) is unspecified and the SP configuration will be used only to set up this Salesforce Connector, you can enter the target-application URL as the default.
    Note: The default URL for single logout (the second text box) does not apply for the Salesforce Connector; SLO is not supported.

    Alternatively, you can enter a fallback URL (or leave an existing entry unchanged) and provide the target-application URL as a query parameter in the Salesforce link, as described in the next section (recommended).

    For more information about how default URLs are used, see the PingFederate Administrator’s Manual or click Help.