In this configuration, PingFederate acts as the service provider (SP) for Company B's IdP, and the same PingFederate instance acts as the IdP for all of the applications owned by Company A. You also configure a SAML connection between PingFederate's IdP and SP.

  1. A user from Company B accesses an enterprise application owned by Company A.
  2. An authentication request is sent to PingFederate.
  3. PingFederate's Identifier First Adapter prompts the user for their username.
  4. The Identifier First Adapter parses the user input and determines where to redirect the user for authentication.
  5. In this case, PingFederate redirects the user to the Company B sign-on page.
  6. The user signs on with Company B credentials.
  7. Company B's IdP validates the credentials and sends the SAML/OIDC response to PingFederate, which is acting as the SP.
  8. PingFederate's IdP connection (PingFederate's SP instance) receives the response and uses the attributes to generate an authentication response.