If you are not using a connection template, which pre-configures browser-based SSO, indicate on the Connection Type tab whether the connection to this partner is for Browser SSO, WS-Trust STS, outbound provisioning, or any combination of them.
Tip:

You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.

Note:

If your partner's deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Each connection must use a unique (partner) connection ID.

  1. Go to Applications > Integration > SP Connections.
  2. Click Create Connection.
  3. Select Do not use a template for this connection.
  4. To configure a connection for secure browser-based SSO, select the Browser SSO Profiles check box.

    If you have selected multiple protocols on System > Server > Protocol Settings > Roles & Protocols and you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.

    For a WS-Federation connection, select the desired token type: SAML 1.1, SAML 2.0, or JWT (JSON Web Token).

    Tip:

    If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.

    Tip:

    PingFederate Bridge can encrypt the subject and attributes of SAML 2.0 assertions.

    For information about configuring encryption policies on a PingFederate Bridge identity provider (IdP), see Configuring XML encryption policy (SAML 2.0).

    For information about configuring encryption policies on a PingFederate Bridge SP, see Specifying XML encryption policy (for SAML 2.0).

  5. Optional: Choose one or both of the following depending on your configuration needs.
    Connection Template | Step

    WS-Trust STS | Select the WS-Trust STS check box.

    The WS-Trust STS option is only available after you enable the WS-Trust role on System > Server > Protocol Settings > Roles & Protocols.

    Outbound Provisioning | Select Outbound Provisioning and then select the provisioning type from the list.

    The Outbound Provisioning option is only available after you enable the Outbound Provisioning protocol on System > Server > Protocol Settings > Roles & Protocols.

  6. If your PingFederate Bridge license manages connections by groups, select a license group for this connection.

    This option is not shown for unrestricted or other types of licenses.

  7. To save your settings, click Next.