Create an IdP connection in PingFederate using the policy contract created in step 1.

For more information, see Managing IdP connections.


In this connection, PingFederate will act as the SP, and Company B's single sign-on (SSO) provider will act as the IdP. You must have the IdP metadata or metadata information from Company B's SSO administrator.

  1. Go to Authentication > Integration > IdP Connections and then click Create Connection.
  2. On the Connection Type tab, select the Browser SSO Profiles check box., and from the Protocol list, select SAML 2.0. Click Next.
  3. On the Connection Options tab, select the option that apply to the connection, and then click Next.
  4. On the Import Metadata tab, import metadata from a file or URL if desired. Click Next.
  5. On the General Info tab, complete the Partner's Entity ID and Connection Name fields, and then click Next.
  6. On the Browser SSO tab, click Configure Browser SSO, and then select the applicable SSO profiles. Click Next.
  7. On the User-Session Creation tab, click Configure User-Session Creation, and then select No Mapping. Click Next.
  8. On the Attribute Contract tab, extend the contract if desired. Click Next.
  9. On the Target Session Mapping tab, click Map New Authentication Policy, and from the Authentication Policy Contract list, select the policy contract you created in step 1. Click Next.
  10. On the Attribute Retrieval tab, select the type of attribute retrieval, and then click Next.
  11. On the Contract Fulfillment tab, from the Source list, select a source to fulfill the policy contract, and from the Value list, select a value from the source. Click Next.
  12. On the Issuance Criteria tab, you can configure conditional authorization if desired. Click Next, and then on the Summary tab, click Done.
  13. Click Next and Done until you reach the Protocol Settings tab. Click Configure Protocol Settings.
  14. On the SSO Service URLs tab, from the Binding list, select a binding.
  15. In the Endpoint URL field, enter the endpoint URL. Click Add and then click Next.
  16. On the Allowable SAML Bindings tab, select which SAML bindings will receive messages from the IdP. Click Next.
  17. On the Artifact Resolver Locations tab, in the URL field, enter the remote party URL that you will use to translate the artifact and get the protocol message. Click Add and then Next.

    You can add multiple URLs.

  18. On the Overrides tab, specify a default target URL and an authentication context if desired. Click Next.
  19. On the Encryption Policy tab, specify additional XML encryption for SAML messages if desired. Click Next.
  20. On the Signature Policy tab, specify additional signature requirements if desired. Click Next.
  21. Click Next and Done until you reach the Credentials tab. Click Configure Credentials.
  22. On the Back-Channel Authentication tab, ensure that security settings are properly configured for your selected bindings, and then click Next.
  23. On the Signature Verification Settings tab, click Manage Signature Verification Settings and follow the on-screen instructions. When you are returned to this tab, click Next and then Done.
  24. Click Next and Done when you reach the Activation & Summary tab.