You can use the POST /environments/{{envID}}/identityProviders endpoint to create the SAML identity provider configuration. This request automatically creates the core attribute mapping to associate the PingOne username attribute with the SAML samlAssertion.subject attribute. To verify the mapping, you can use the ?expand=attributes query filter to show the core attribute mapping details in the POST response.
In the request, the name property for the new identity provider is required and must be unique within the environment. The enabled property is required and should be set to true, and the type property is required and must specify SAML as the identity provider type.
The idpVerification.certificates[].id property is required. This is the UUID of the verification certificate that you uploaded in Step 1a. The spSigning.key.id property value is the UUID of the signing key that you uploaded in Step 1b.
The response shows the configuration data for the new identity provider.
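
A pre-flight check for the request body described above, as an added example that is not part of the PingOne documentation. The function names, the existing_names input, the exact-match uniqueness test and the sample UUIDs are assumptions; only the properties named on this page are built and checked.

```python
import uuid

def _is_uuid(value):
    try:
        uuid.UUID(str(value))
        return True
    except ValueError:
        return False

def build_request(env_id, name, cert_ids, signing_key_id=None):
    """Return (path, body); the path asks for the expanded attribute mapping."""
    body = {
        "name": name,
        "enabled": True,
        "type": "SAML",
        "idpVerification": {"certificates": [{"id": c} for c in cert_ids]},
    }
    if signing_key_id is not None:
        body["spSigning"] = {"key": {"id": signing_key_id}}
    return f"/environments/{env_id}/identityProviders?expand=attributes", body

def check_body(body, existing_names=()):
    """List every constraint from this page that the body violates."""
    problems = []
    name = body.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name is required")
    elif name in existing_names:  # assumption: exact-match comparison
        problems.append("name must be unique within the environment")
    if body.get("enabled") is not True:
        problems.append("enabled is required and should be true")
    if body.get("type") != "SAML":
        problems.append("type must be SAML")
    certs = body.get("idpVerification", {}).get("certificates") or []
    if not certs:
        problems.append("idpVerification.certificates[].id is required")
    for i, cert in enumerate(certs):
        if not _is_uuid(cert.get("id")):
            problems.append(f"idpVerification.certificates[{i}].id is not a UUID")
    key = body.get("spSigning", {}).get("key")
    if key is not None and not _is_uuid(key.get("id")):
        problems.append("spSigning.key.id is not a UUID")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real PingOne resource IDs.
    path, body = build_request("{{envID}}", "Partner SAML IdP",
                               ["11111111-2222-4333-8444-555555555555"])
    print(path, check_body(body, existing_names=["Corporate IdP"]))
```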