---
title: Configuring IdentityIQ for SAML-based SSO
description: Use IdentityIQ's settings to configure SAML-based single sign-on (SSO).
component: solution-guides
page_id: solution-guides:single_sign-on_use_cases:htg_config_sailpoint_identityiq_pd_pf_saml_identityiq
canonical_url: https://docs.pingidentity.com/solution-guides/single_sign-on_use_cases/htg_config_sailpoint_identityiq_pd_pf_saml_identityiq.html
revdate: May 1, 2024
section_ids:
  steps: Steps
---

# Configuring IdentityIQ for SAML-based SSO

Use IdentityIQ's settings to configure SAML-based single sign-on (SSO).

## Steps

1. From the IdentityIQ Administration console settings menu, select **Global Settings**.

![Screenshot of IdentityIQ window showing the location of Global Settings in the menu beneath the wrench icon.](_images/lus1584135700663.png)

1. From the **Global Settings** menu, select **Login Configuration**.

2. Click the **SSO Configuration** tab and select the **Enable SAML-based single sign-on (SSO)** checkbox.

3. Enter the SAML-based SSO settings.

+\[caption=] .Identity Provider Settings

| Field                    | Description                                                                                      |
| ------------------------ | ------------------------------------------------------------------------------------------------ |
| EntityID / Issuer        | The PingFederate SAML 2.0 Entity ID or Virtual Server ID.                                        |
| SSO Login URL            | The PingFederate IdP SSO endpoint. The default value is https\://*\<domain>*:9031/idp/SSO.saml2. |
| Public X.509 Certificate | The public certificate used in the PingFederate IdentityIQ SP connection                         |

+\[caption=] .SP Provider (IdentityIQ) Settings

| Field                 | Description                                                               |
| --------------------- | ------------------------------------------------------------------------- |
| EntityID / Issuer     | The Partner's IdentityIQ/Connection ID setup in the PingFederate SP.      |
| SAML URL (ACS)        | The IdentityIQ application URL, /identityiq/home.jsf.                     |
| SAML Binding          | The HTTP method configured in the PingFederate SP connection.             |
| SAML Name ID Format   | The SAML Name ID Format configured in the PingFederate SP connection.     |
| SAML Correlation Rule | The correlation rule in IdentityIQ. The default value is IdentityNowSAML. |

1. Click **Save**.

   |   |                                                                                                                                                                                                                                                |
   | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | After configuration, the default IdentityIQ login page redirects to the PingFederate identity provider (IdP). If you are required to authenticate to IdentityIQ, use the following URL: https\://*\<domain>*/identityiq/login.jsf?prompt=true. |