1. In the PingFederate administrative console, go to Applications > Integration > SP Connections.
  2. Click Create Connection.

    Screen capture of the PingFederate administrative console on the SP Connection page displaying the Create Connection and Import Connection buttons.
  3. On the Connection Template tab, click Do not use a template for this connection. Click Next.
  4. On the Connection Type tab, select the Browser SSO Profiles check box.
  5. In the Protocol list, select SAML 2.0 and click Next.
  6. On the Connection Options tab, click Next.
  7. On the Import Metadata tab, click File and then choose the metadata file that you downloaded previously. Click Next.

    Screen capture of the PingFederate administrative console on the Import Metadata tab for creating an SP connection.
  8. On the Metadata Summary tab, review the EntityID field and click Next.
  9. On the General Info tab, review the imported Base URL field, then click Next.

    Screen capture of the PingFederate administrative console on the General Info tab for creating an SP connection.
  10. On the Browser SSO tab, click Configure Browser SSO.

    Screen capture of the PingFederate administrative console on the Browser SSO tab for configuring a browser SSO.

    The tabs for the Browser SSO section display.

  11. Configure the browser SSO:
    1. On the SAML Profiles tab, select the SP-Initiated SSO check box. Click Next.

      Screen capture of the PingFederate administrative console on the SAML Profiles tab for configuring a browser SSO.
    2. On the Assertion Lifetime tab, accept the default values and click Next.
    3. On the Assertion Creation tab, click Configure Assertion Creation.

      Screen capture of the PingFederate administrative console on the Assertion Creation tab for configuring a browser SSO with the Configure Assertion Creation button available.

      The tabs for the Assertion Creation section display.

  12. Configure the assertion creation:
    1. On the Identity Mapping tab, click Next.
    2. On the Attribute Contract tab, click Next.
    3. On the Authentication Source Mapping tab, click Map New Adapter Instance.

      Screen capture of the PingFederate administrative console on the Authentication Source Mapping tab for configuring an assertion creation.

      The tabs for the IdP Adapter Mapping section display.

  13. Configure the IdP adapter mapping:
    1. On the Adapter Instance tab, select the HTML form adapter that you created. Click Next.

      Screen capture of the PingFederate administrative console on the Adapter Instance tab.
    2. On the Mapping Method tab, click Next.
    3. On the Attribute Contract Fulfillment tab, in the Source list select Adapter and in the Value list select username. Click Next.

      Screen capture of the PingFederate administrative console on the Attribute Contract Fulfillment tab.
    4. On the Issuance Criteria tab, click Next.
    5. On the Summary tab, click Done.

      You return to the Assertion Creation section.

  14. On the Authentication Source Mapping tab, click Next.
  15. On the Summary tab, click Done.

    You return to the Browser SSO section.

  16. On the Assertion Creation tab, click Next.
  17. On the Protocol Settings tab, click Configure Protocol Settings.

    The tabs for the Protocol Settings section display.

  18. Configure the protocol settings:
    1. On the Assertion Consumer Service URL tab, review the Endpoint URL value. Click Next.

      Screen capture of the PingFederate administrative console on the Assertion Consumer Service URL tab showing the Endpoint URL for a POST binding.
    2. On the Allowable SAML Bindings tab, ensure that POST and REDIRECT are the only values checked. Click Next.
    3. On the Signature Policy tab, click Next.
    4. On the Encryption Policy tab, click Next.
    5. On the Summary tab, click Done.

      You return to the Browser SSO section.

  19. On the Protocol Settings tab, click Next.
  20. On the Summary tab, click Done.

    You return to the SP Connection section.

  21. On the Browser SSO tab, click Next.
  22. On the Credentials tab, click Configure Credentials.

    Screen capture of the PingFederate administrative console on the Credentials tab showing the Configure Credentials button.

    The tabs for the Credentials section display.

  23. Configure the credentials:
    1. On the Digital Signature Settings tab, select the Signing Certificate that you chose in "Exporting the signing certificate from PingFederate". Click Next.

      Screen capture of the PingFederate administrative console on the Digital Signature Settings tab with the Manage Certificates button available.
    2. On the Summary tab, click Done.

      You return to the SP Connection section.

  24. On the Credentials tab, click Next.
  25. On the Activation & Summary tab, click Save.

    Screen capture of the PingFederate administrative console on the Activation & Summary tab of the SP Connection section.
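
Steps 8, 9, and 18 ask you to review the imported EntityID, Base URL, and ACS Endpoint URL. The following Python script is an added example, not part of the PingFederate documentation, that runs the same review on the SP metadata file before you import it; the sample metadata, the `sp.example.com` host, and the `review_sp_metadata` function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
ALLOWED = {BINDINGS + "HTTP-POST", BINDINGS + "HTTP-Redirect"}  # the two bindings left enabled in step 18

# Constructed sample metadata; sp.example.com is a placeholder, not a real partner.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.com/saml/acs"/>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://sp.example.com/saml/art"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def review_sp_metadata(xml_text, expected_entity_id, expected_host):
    """Return (summary, findings) for the fields the console asks you to review."""
    # For metadata from an unvetted source, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    findings = []
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        findings.append(f"entityID {entity_id!r} differs from expected value")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    endpoints = []
    for acs in sp.findall(f"{{{MD}}}AssertionConsumerService"):
        binding, location = acs.get("Binding", ""), acs.get("Location", "")
        endpoints.append((binding.removeprefix(BINDINGS), location))
        url = urlsplit(location)
        if url.scheme != "https":
            findings.append(f"ACS endpoint is not HTTPS: {location}")
        if url.hostname != expected_host:
            findings.append(f"ACS host {url.hostname!r} is not {expected_host!r}: {location}")
        if binding not in ALLOWED:
            findings.append(f"ACS binding outside POST/Redirect: {binding}")
    if not endpoints:
        findings.append("metadata declares no AssertionConsumerService endpoint")
    return {"entity_id": entity_id, "acs": endpoints}, findings

if __name__ == "__main__":
    summary, findings = review_sp_metadata(SAMPLE, "https://sp.example.com/saml", "sp.example.com")
    print(summary)
    for f in findings:
        print("REVIEW:", f)
```

Pass the entity ID and host that the SP owner gave you out of band, so the comparison does not depend on the file under review.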