---
title: Configuring authentication request signing in PingOne for Enterprise
description: For service provider (SP)-initiated single sign-on (SSO), your identity provider (IdP) or company policy might require signing the SAML authentication request.
component: solution-guides
page_id: solution-guides:single_sign-on_use_cases:htg_config_authn_req_sign_p14e
canonical_url: https://docs.pingidentity.com/solution-guides/single_sign-on_use_cases/htg_config_authn_req_sign_p14e.html
revdate: February 16, 2022
section_ids:
  before-you-begin: Before you begin
  steps: Steps
  result: Result
---

# Configuring authentication request signing in PingOne for Enterprise

For service provider (SP)-initiated single sign-on (SSO), your identity provider (IdP) or company policy might require signing the SAML authentication request.

## Before you begin

* Ensure that you have internet access.

* If you do not already have a PingOne for Enterprise account, [create an account](https://admin.pingone.com/web-portal/register).

## Steps

1. Sign in to the PingOne for Enterprise [admin portal](https://admin.pingone.com/web-portal/login).

2. Click **Setup**.

3. Click the **Pencil** ([icon: pencil, set=fa]) icon.

4. Select **PingFederate**. Click **Next.**

5. If PingFederate is already installed:

   1. Click **Yes**, then click **Next**.

   2. Copy the provided activation key into PingFederate Bridge when prompted.

6. If PingFederate is not installed:

   1. Click **No**, then click **Next**.

   2. Click the appropriate server platform.

   3. Download and install PingFederate Bridge, then click **Next**.

   4. Copy the provided activation key into PingFederate Bridge when prompted.

      If PingOne for Enterprise is configured with PingFederate version 8.0 or later, no changes in PingOne for Enterprise are necessary.

      |   |                                                                                                                                                                                           |
      | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | If PingFederate is set to **Require AuthN Requests To be Signed When Received via The Post or Redirect Bindings**, PingOne for Enterprise automatically signs the authentication request. |

7. If PingOne for Enterprise is configured with custom SAML:

   1. Select the **Sign AuthnRequest From PingOne** checkbox. Click **Next**.

   2. Click **Manually Enter Your IDP Connection Information**. Click **Save**.

## Result

PingOne for Enterprise will sign authentication requests during the SP-initiated SSO process. The verification certificate is inside the PingOne for Enterprise metadata file, and gets loaded into the SAML product when the metadata is uploaded for configuration.