1. In PingFederate, go to SP Connections and click Create Connection.
  2. On the Connection Template tab, select Do Not Use a Template for This Connection. Click Next until you reach the Import Metadata tab and accept the default values.
  3. On the Import Metadata tab, click File and then click Choose File. Select the metadata file you saved in Configuring a new IdP in PingOne and downloading the IdP metadata and click Open.
  4. Click Next until you reach the Browser SSO tab.
  5. Click Configure Browser SSO. On the SAML Profiles tab, select IDP-Initiated SSO and SP-Initiated SSO. Click Next.
  6. On the Assertion Creation tab, click Configure Assertion Creation. Click Next until you reach the Authentication Source Mapping tab.
  7. On the Authentication Source Mapping tab, click Map New Adapter Instance. Select HTML Form Adapter from the Adapter Instance list and click Next until you reach the Attribute Contract Fulfillment tab.
  8. On the Attribute Contract Fulfillment tab, select Adapter from the SAML_SUBJECT Source list.
  9. From the SAML_SUBJECT Valuelist, select username. Click Next and Done until you complete the assertion creation.
  10. On the Protocol Settings tab, click Configure Protocol Settings.

    On the Assertion Consumer Service URL tab, you will see a default endpoint URL generated from the metadata in step 4.

    If you don't see the default endpoint URL, restart the SP configuration.

  11. Click Next.
  12. On the Allowable SAML Bindings tab, clear the Artifact and Soap check boxes. Click Next and Done until you complete the Browser SSO configuration.
  13. On the Credentials tab, click Configure Credentials.
  14. From the Signing Certificate list, select your certificate from Creating a certificate in PingFederate and converting it to .p7b format then click Next, Done, and Save to complete the SP connection configuration.