1. In the PingOne for Enterprise admin console, go to Applications > Application Catalog.
  2. Optional: In the Search field, search for the application.
  3. Click the Salesforce application line to expand it, and then and click Setup.
  4. On the SSO Instructions tab, click Download to download the signing certificate.
  5. In a separate tab or window, sign on to the Salesforce admin portal.
  6. In Salesforce, go to Setup > Administer > Security Controls > Single Sign-On Settings.
  7. Select the SAML Enabled check box.
  8. In the Name field, enter a name for the connection to PingOne.
  9. In the Issuer field, enter the Issuer value from PingOne.
  10. On the Identity Provider Certificate line, click Browse to upload the signing certificate you downloaded in step 4.
  11. From the SAML Identity Type list, select Assertion contains User's salesforce.com username.
  12. From the SAML Identity Location list, select Identity is in the NameIdentifier element of the Subject Statement.
  13. In the API Name field, enter a unique name for the API.
  14. In the Entity ID field, enter https://saml.salesforce.com
    If you have a Salesforce.com My Domain URL, you can enter it into this field instead.
  15. Optional: In the Identity Provier Login URL, enter https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<IdP ID>, replacing <IdP ID> with the IdP ID value from PingOne.
  16. Optional: In the Identity provider Logout URL field, enter https://sso.connect.pingidentity.com/sso/terminatesession.aspx?page=https://www.salesforce.com.
  17. Optional: In the Custom Error URL, enter a URL to redirect users to when an error occurs.
    If your identity bridge is AD Connect with IIS, you can enter https://<AD Connect IIS Server URL>/ADconnect/error.aspx.
  18. Click Save.

    Keep the Salesforce tab open, as you will need values from it for the next steps.

In PingOne for Enterprise, click Continue to Next Step.