PingOne SSO for SaaS Apps handles most of the connection details for these applications and will send single sign-on (SSO) users to the URL that you specify for an application.

However, you will need to set up the referenced page to process the security token sent from PingOne and create a user session for the authenticated user. See Process the PingOne SSO for SaaS Apps token exchange for more information.

Each application connection is multiplexed, meaning PingOne SSO for SaaS Apps will use the same connection to the application for all customers or partners.

  1. Go to Applications > My Applications > SAML and click Add New Application.
  2. In the Category list, select the category that applies to your application.
  3. In the Name field, enter a name for your application.
  4. In the Description field, enter a description for your application.
  5. Select a visibility option for your application:
    • Click Public to add your application to the Application Catalog.
    • Click Private to make your application available only to the organizations you invite.
  6. Optional: Upload an icon and logo for your application.

    If you're using the current version of the dock, you don't need to add a logo.

  7. Click Continue to Next Step.
  8. On the Create Connections page, click No, I want to enable through PingOne.
  9. Optional: In the Hostname or Domain field, enter the host or domain name associated with your application.

    If your application has only one entry point, make your application more secure by leaving the Hostname or Domain field empty to disable the appurl parameter.

    If you must use appurl, a domain such as can provide stricter validation than

  10. On the Binding Type line, select the binding type to use for sending tokens to this application.

    The default binding type of Post is more secure, because it doesn't expose the token as a query parameter in the URL.

  11. In the Default Application URL field, enter an application URL to send authenticated users to.

    Although both HTTP and HTTPS URLs are accepted in this field, HTTPS is more secure for production applications.

    The page for this URL will need to process the security token sent from PingOne SSO for SaaS Apps and create a user session. For more information, see Process the PingOne SSO for SaaS Apps token exchange.

  12. Optional: In the Error URL field, enter a URL to direct users to in case of an error.

    If you don't specify an error URL, PingOne SSO for SaaS Apps will display a generic error page.

  13. Optional: Select the Allow Customization to allow PingOne for Enterprise accounts to override the Default Application URL and Error URL when they configure this application from the application catalog.
    Note: This option is available only if you make your application visibility Public.
  14. In the Entity ID field, enter a unique identifier for SAML connections to this application.

    If you don't specify an entity ID, PingOne SSO for SaaS Apps uses either PingConnect or the application's saasid, depending on what connection type you select during connection configuration.

    If a custom entity ID is in use by a non-multiplexed connection, it cannot be changed.

    For more information, see Creating a manual SAML connection.

  15. Click Continue to Next Step.
  16. Optional: To add SSO attributes, click Add Attribute.


    Enter a name for the attribute.


    Enter a description for the attribute.


    Select the check box to make the attribute required for SSO.


    Click to configure advanced attribute options.

    For more information, see Creating advanced attribute mappings.

  17. Click Continue to Next Step.
  18. On the Create Instructions tab, enter instructions to guide a user in enabling SSO for this application.

    This tab only appears if you made your application public in step 5.

    1. In the Introduction Text field, enter text introducing your application and supplying any necessary instructions to users.
    2. Optional: In the SSO Configuration Path field, enter navigation instructions to guide users to your application's SSO configuration page.
    3. Optional: In the SSO Configuration Page URL field, enter the URL for your application's SSO configuration page.
    4. Optional: For each configuration step that you want to add, click Add Step, and fill in the Label and Instruction fields.
    5. Optional: To add an image, click Select Image and browse to the image you want to upload.
  19. Click Continue to Next Step.
  20. On the Publish tab, verify that the information is correct, then click Save & Publish.

    If you made your application public, it's submitted to us for registration. After we have process the registration for your application, your application information is published in the Application Catalog.

    Your application displays in the listing on your My Applications page, where you can view or edit all of the your application settings.

    If you made your application private, you must invite customers to connect to your application. For instructions, see Customer connection methods.


    After you publish an application, you cannot change the SSO connection types. You must remove the application and add it again. However, you can change the configuration settings for the SSO connections.

To test your application before connecting to a customer, see Testing your application using the built-in IdP or Testing your application using PingOne for Enterprise.