When doing service provider initiated SSO, your identity provider or company policy may require signing of the SAML authentication request. To enable signing please follow the steps below:

- Log into the PingOne Admin portal
- Click "Set up" in the navigation toolbar.



- Click the Pencil icon  

If PingOne is configured with PingFederate version "7.3 or Below":
- Click "Next"
- On the following screen, put a check in the box "SIGN AUTHNREQUEST FROM PINGONE"


- Click "Next"
- Click "Next" on the remaining screens, then click "Save" to save your changes. 

If PingOne is configured with PingFederate version "8.0 or Above":
No changes in PingOne are applicable. If PingFederate is set to require "Require AuthN Requests To be Signed When Received via The Post or Redirect Bindings", PingOne will automatically sign the authentication request.

If PingOne is configured with 3rd Party SAML:
- When you click the pencil, you will be taken directly to the configuration screen where you can set AuthN signing. Put a check in the box "SIGN AUTHNREQUEST FROM PINGONE":



- Click "Next"
- Select the radio button "Manually Enter Your IDP Connection Information".



- No other changes are required, click "Save".

When the above changes are made, PingOne will sign authentication requests when service provider initiated SSO are performed. The verification certificate is inside the PingOne metadata file and should get loaded into the SAML product when the metadata is uploaded for configuration.