PingFederate 10.1

Processing steps

Almost every customer using PingFederate as an identity provider (IdP) has at least one connection to a datastore. A datastore connection allows PingFederate to retrieve user attributes for outbound connections. Active Directory is the most common data source used to connect to PingFederate.

An illustration of a 3-step user-initiated single sign-on (SSO) when PingFederate is the identity provider and has a datastore connection.
  1. The user initiates single sign-on (SSO) and activates PingFederate.
  2. The user enters credentials in the htmlForm page. PingFederate query’s the connected datastore for authentication.
  3. A SAML assertion is sent to the service provider containing the select attributes for SSO.