Product Documentation >   >  PingFederate 6.6 >  Getting Started >  Introduction >  About Identity Federation and SSO >  Service Providers and Identity Providers
PingFederate 6.6
Service Providers and Identity Providers

Identity federation standards identify two operational roles in an Internet SSO transaction: the identity provider (IdP) and the service provider (SP). An IdP, for example, might be an enterprise that manages accounts for a large number of users who may need secure Internet access to the Web-based applications or services of customers, suppliers, and business partners. An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services (see illustration below).

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP. The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.

PingFederate provides complete support for both roles. Note that business processes of a single organization might encompass both SP and IdP use cases; this scenario can be handled by a single instance of PingFederate.

To facilitate simplified and fast SSO connections between an IdP and an SP, Ping Identity offers a companion product, PingFederate Express. An SP can use PingFederate Express to configure a lightweight SAML endpoint automatically, based on a configuration file supplied by the IdP using PingFederate. For more information, see About PingFederate Express in the PingFederate Administrator’s Manual.