You can use the POST /environments/{{envID}}/identityProviders endpoint to create the SAML identity provider configuration. This request automatically creates the core attribute mapping to associate the PingOne username attribute with the SAML samlAssertion.subject attribute. To verify the mapping, you can use the ?expand=attributes query filter to show the core attribute mapping details in the POST response.

In the request, the name property for the new identity provider is required and must be unique within the environment. The enabled property is required and should be set to true, and the type property is required and must specify SAML as the identity provider type.

The idpVerification.certificates[].id is required. This is the UUID of the verification certificate that you uploaded in Step 1a. The spSigning.key.id property value is the UUID of the signing key that you uploaded in Step 1b.

The response shows the configuration data for the new identity provider.

Note: The response also includes an attributes HAL link to initiate a request to create additional optional attribute mappings. For information about creating SAML identity provider attribute mappings, see Add provider attributes.