1. Open SharePoint Management Shell.
  2. Update the following commands according to your environment and run them one by one. To run the commands as a PowerShell script, add them to a .psl file.
    #Path to the Signing Certificate exported from the PingFederate server.
    $certpath = "c:\<pf-cert-name>.crt"
     #Name the PingFederate will be represented within SharePoint as a Trusted Identity Provider (PingFederateSTS was used in this example).
    $stsname = "<PingFederate_Trusted_Identity_Provider_name>"
    #Description for PingFederate STS within SharePoint.
    $stsdesc = "PingFederate Claims Provider"
    #Entity ID of the SharePoint realm (in our example it is ektd:sp02).
    $stsrealm = "<SharePoint_Realm_Name>"
     #PingFederate WS-Federation Endpoint.
    $signinurl = "https://<PingFederate_host_name_or_FQDN>:<port_number>/idp/prp.wsf"
     #Importing PingFederate Certificate into SharePoint.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$certpath")
    New-SPTrustedRootAuthority -Name "PingFederate Token Signing Cert" -Certificate $cert
    # Defining incoming Claim Types. 
    # Note: It could be more than one incoming claim type specified here.
    $m1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
    # Creating Trusted Identity Provider
    New-SPTrustedIdentityTokenIssuer -Name $stsname -Description $stsdesc -Realm $stsrealm -ImportTrustCertificate $cert -ClaimsMappings $m1 -SignInUrl $signinurl -IdentifierClaim $m1.InputClaimType