---
title: "Step 2: Create a SAML application"
component: pingone-api
page_id: pingone-api:workflow-library:platform-sso-and-authorization/saml/saml-sign-on-flow/environment-configuration/step-2-create-a-saml-application
canonical_url: https://developer.pingidentity.com/pingone-api/workflow-library/platform-sso-and-authorization/saml/saml-sign-on-flow/environment-configuration/step-2-create-a-saml-application.html
section_ids:
  headers: Headers
  body: Body
  example-request: Example Request
  example-response: Example Response
---

# Step 2: Create a SAML application


```none
POST {{apiPath}}/v1/environments/{{envID}}/applications
```

This example uses the `POST {{apiPath}}/v1/environments/{{envID}}/applications` operation to create a new SAML application. To PingOne, this configuration represents the real application that users access to sign on.

In this request:

* `{{envID}}` represents the environment ID for your environment.

* These properties are required in the request body:

  * `enabled`. The current enabled state of the application.

  * `name`. The name of the application.

  * `type`. The application type. In this workflow, the `type` is `WEB_APP`.

  * `protocol`. The protocol used by the application. In this workflow, the `protocol` is `SAML`.

  * `assertionDuration`. The assertion validity duration in seconds.

  * `acsUrls`. Assertion Consumer Service URLs. The first URL in the list is used as default. There must be at least one URL.

  * `sloResponseEndpoint`. The endpoint URL to submit the logout response. If a value is not provided, the `sloEndpoint` property value is used to submit the SLO response.

  * `spEntityId`. The service provider entity ID used to look up the application. This is a required property and is unique within the environment.

  * `nameIdFormat`. The format of the Subject `NameID` attribute in the SAML assertion.

  * `accessControl`. The access control configuration for sign-on.

Note: The `accessControl.group.groups` property specifies the group that controls access to the application. The previous step defines the group itself and the user filter that adds users to the group automatically if they have a specific `type` property value.

* The response returns a `201 Created` status and shows the new application's configuration data.

### Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {{accessToken}} |
| Content-Type | application/json |

### Body

raw (application/json)

```json
{
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
        "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
        "group": {
            "type": "ANY_GROUP",
            "groups": [
                {
                    "id": "{{samlGroupID}}"
                }
            ]
        }
    }
}
```
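A pre-flight check for the request body above, as an added example that is not part of the PingOne documentation. It checks the properties the page lists, the "at least one URL" rule for `acsUrls`, the group binding in `accessControl`, and template variables such as `{{samlGroupID}}` that were never filled in. The function names, the https-only rule and the 300-second cap are assumptions standing in for local policy.

```python
import json
import re
from urllib.parse import urlsplit

# Properties the page lists; sloResponseEndpoint omitted (falls back to sloEndpoint).
REQUIRED = ("enabled", "name", "type", "protocol", "assertionDuration",
            "acsUrls", "spEntityId", "nameIdFormat", "accessControl")
MAX_ASSERTION_SECONDS = 300  # assumed local policy, not a PingOne limit
PLACEHOLDER = re.compile(r"\{\{.*?\}\}")  # template variable left unrendered

def is_https(url):
    try:
        parts = urlsplit(url) if isinstance(url, str) else None
        return bool(parts and parts.scheme == "https" and parts.hostname)
    except ValueError:
        return False

def lint_saml_app(body):
    """Return a list of findings for a SAML application request body."""
    findings = [f"missing required property: {k}" for k in REQUIRED if k not in body]
    acs = body.get("acsUrls")
    if acs is not None and (not isinstance(acs, list) or not acs):
        findings.append("acsUrls must contain at least one URL")
    for i, url in enumerate(acs if isinstance(acs, list) else []):
        if not is_https(url):  # https-only is an assumed local policy
            findings.append(f"acsUrls[{i}] is not an https URL: {url!r}")
    for key in ("sloEndpoint", "sloResponseEndpoint"):
        if key in body and not is_https(body[key]):
            findings.append(f"{key} is not an https URL: {body[key]!r}")
    duration = body.get("assertionDuration")
    if duration is not None:
        if type(duration) is not int or duration <= 0:
            findings.append("assertionDuration must be a positive integer (seconds)")
        elif duration > MAX_ASSERTION_SECONDS:
            findings.append(f"assertionDuration {duration}s exceeds the local cap")
    access = body.get("accessControl")
    group = access.get("group") if isinstance(access, dict) else None
    groups = group.get("groups") if isinstance(group, dict) else None
    if access is not None and not (isinstance(groups, list) and groups and
                                   all(isinstance(g, dict) and g.get("id") for g in groups)):
        findings.append("accessControl.group.groups does not name a group id")
    for var in sorted(set(PLACEHOLDER.findall(json.dumps(body)))):
        findings.append(f"unrendered template variable: {var}")
    return findings

# Constructed sample: the page's body with variables filled from its example response.
SAMPLE_BODY = {
    "name": "SAMLapp_1776869193", "enabled": True, "type": "WEB_APP",
    "protocol": "SAML", "assertionDuration": 60, "acsUrls": ["https://example.com"],
    "sloEndpoint": "https://example.com", "spEntityId": "samltest1776869193",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {"group": {"type": "ANY_GROUP", "groups": [
        {"id": "e873973d-03ab-41c5-9c78-ca5cc51c8e99"}]}},
}
print(lint_saml_app(SAMPLE_BODY))
```

Running the check against the raw template body, before the `{{...}}` variables are substituted, reports each unrendered variable.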


### Example Request

The request is shown below in cURL, C#, Go, HTTP, Java, jQuery, NodeJS, Python, PHP, Ruby, and Swift, in that order.

```shell
curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
        "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
        "group": {
            "type": "ANY_GROUP",
            "groups": [
                {
                    "id": "{{samlGroupID}}"
                }
            ]
        }
    }
}'
```

```csharp
var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/applications")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""SAMLapp_{{$timestamp}}""," + "\n" +
@"    ""description"": ""this is my SAML application""," + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""type"": ""WEB_APP""," + "\n" +
@"    ""protocol"": ""SAML""," + "\n" +
@"    ""assertionDuration"": 60," + "\n" +
@"    ""acsUrls"": [" + "\n" +
@"        ""https://example.com""" + "\n" +
@"    ]," + "\n" +
@"    ""sloResponseEndpoint"": ""https://example.com""," + "\n" +
@"    ""sloEndpoint"": ""https://example.com""," + "\n" +
@"    ""spEntityId"": ""samltest{{$timestamp}}""," + "\n" +
@"    ""nameIdFormat"": ""urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""," + "\n" +
@"    ""accessControl"": {" + "\n" +
@"        ""group"": {" + "\n" +
@"            ""type"": ""ANY_GROUP""," + "\n" +
@"            ""groups"": [" + "\n" +
@"                {" + "\n" +
@"                    ""id"": ""{{samlGroupID}}""" + "\n" +
@"                }" + "\n" +
@"            ]" + "\n" +
@"        }" + "\n" +
@"    }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
```

```golang
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/v1/environments/{{envID}}/applications"
  method := "POST"

  payload := strings.NewReader(`{
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
        "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
        "group": {
            "type": "ANY_GROUP",
            "groups": [
                {
                    "id": "{{samlGroupID}}"
                }
            ]
        }
    }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
```

```http
POST /v1/environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
        "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
        "group": {
            "type": "ANY_GROUP",
            "groups": [
                {
                    "id": "{{samlGroupID}}"
                }
            ]
        }
    }
}
```

```java
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"SAMLapp_{{$timestamp}}\",\n    \"description\": \"this is my SAML application\",\n    \"enabled\": true,\n    \"type\": \"WEB_APP\",\n    \"protocol\": \"SAML\",\n    \"assertionDuration\": 60,\n    \"acsUrls\": [\n        \"https://example.com\"\n    ],\n    \"sloResponseEndpoint\": \"https://example.com\",\n    \"sloEndpoint\": \"https://example.com\",\n    \"spEntityId\": \"samltest{{$timestamp}}\",\n    \"nameIdFormat\": \"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",\n    \"accessControl\": {\n        \"group\": {\n            \"type\": \"ANY_GROUP\",\n            \"groups\": [\n                {\n                    \"id\": \"{{samlGroupID}}\"\n                }\n            ]\n        }\n    }\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/v1/environments/{{envID}}/applications")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
```

```javascript
var settings = {
  "url": "{{apiPath}}/v1/environments/{{envID}}/applications",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
      "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
      "group": {
        "type": "ANY_GROUP",
        "groups": [
          {
            "id": "{{samlGroupID}}"
          }
        ]
      }
    }
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
```

```javascript
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/v1/environments/{{envID}}/applications',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
      "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
      "group": {
        "type": "ANY_GROUP",
        "groups": [
          {
            "id": "{{samlGroupID}}"
          }
        ]
      }
    }
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
```

```python
import requests
import json

url = "{{apiPath}}/v1/environments/{{envID}}/applications"

payload = json.dumps({
  "name": "SAMLapp_{{$timestamp}}",
  "description": "this is my SAML application",
  "enabled": True,
  "type": "WEB_APP",
  "protocol": "SAML",
  "assertionDuration": 60,
  "acsUrls": [
    "https://example.com"
  ],
  "sloResponseEndpoint": "https://example.com",
  "sloEndpoint": "https://example.com",
  "spEntityId": "samltest{{$timestamp}}",
  "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "accessControl": {
    "group": {
      "type": "ANY_GROUP",
      "groups": [
        {
          "id": "{{samlGroupID}}"
        }
      ]
    }
  }
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
```

```php
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/v1/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
// Single-quoted PHP strings do not expand \n, so the JSON is written across real lines.
$request->setBody('{
    "name": "SAMLapp_{{$timestamp}}",
    "description": "this is my SAML application",
    "enabled": true,
    "type": "WEB_APP",
    "protocol": "SAML",
    "assertionDuration": 60,
    "acsUrls": [
        "https://example.com"
    ],
    "sloResponseEndpoint": "https://example.com",
    "sloEndpoint": "https://example.com",
    "spEntityId": "samltest{{$timestamp}}",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "accessControl": {
        "group": {
            "type": "ANY_GROUP",
            "groups": [
                {
                    "id": "{{samlGroupID}}"
                }
            ]
        }
    }
}');
try {
  $response = $request->send();
  // A successful create returns 201 Created.
  if ($response->getStatus() == 201) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
```

```ruby
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/v1/environments/{{envID}}/applications")

http = Net::HTTP.new(url.host, url.port)
# Enable TLS when {{apiPath}} is an https URL.
http.use_ssl = (url.scheme == "https")
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "SAMLapp_{{\$timestamp}}",
  "description": "this is my SAML application",
  "enabled": true,
  "type": "WEB_APP",
  "protocol": "SAML",
  "assertionDuration": 60,
  "acsUrls": [
    "https://example.com"
  ],
  "sloResponseEndpoint": "https://example.com",
  "sloEndpoint": "https://example.com",
  "spEntityId": "samltest{{\$timestamp}}",
  "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "accessControl": {
    "group": {
      "type": "ANY_GROUP",
      "groups": [
        {
          "id": "{{samlGroupID}}"
        }
      ]
    }
  }
})

response = http.request(request)
puts response.read_body
```

```swift
let parameters = "{\n    \"name\": \"SAMLapp_{{$timestamp}}\",\n    \"description\": \"this is my SAML application\",\n    \"enabled\": true,\n    \"type\": \"WEB_APP\",\n    \"protocol\": \"SAML\",\n    \"assertionDuration\": 60,\n    \"acsUrls\": [\n        \"https://example.com\"\n    ],\n    \"sloResponseEndpoint\": \"https://example.com\",\n    \"sloEndpoint\": \"https://example.com\",\n    \"spEntityId\": \"samltest{{$timestamp}}\",\n    \"nameIdFormat\": \"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",\n    \"accessControl\": {\n        \"group\": {\n            \"type\": \"ANY_GROUP\",\n            \"groups\": [\n                {\n                    \"id\": \"{{samlGroupID}}\"\n                }\n            ]\n        }\n    }\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()
```

### Example Response

201 Created

```json
{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/4b001fae-76c5-429e-8950-73ecd3b3ca0e"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "metadata": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/4b001fae-76c5-429e-8950-73ecd3b3ca0e/metadata"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/4b001fae-76c5-429e-8950-73ecd3b3ca0e/attributes"
        },
        "idpSigningKey": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keys/222e2d90-583e-4ed3-8c59-38a97d8b5350"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "id": "4b001fae-76c5-429e-8950-73ecd3b3ca0e",
    "name": "SAMLapp_1776869193",
    "description": "this is my SAML application",
    "enabled": true,
    "hiddenFromAppPortal": false,
    "type": "WEB_APP",
    "accessControl": {
        "group": {
            "type": "ANY_GROUP",
            "groups": [
                {
                    "id": "e873973d-03ab-41c5-9c78-ca5cc51c8e99"
                }
            ]
        }
    },
    "protocol": "SAML",
    "createdAt": "2026-04-22T14:46:34.108Z",
    "updatedAt": "2026-04-22T14:46:34.108Z",
    "clientId": "4b001fae-76c5-429e-8950-73ecd3b3ca0e",
    "spEntityId": "samltest1776869193",
    "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "sloResponseEndpoint": "https://example.com",
    "responseSigned": false,
    "sloBinding": "HTTP_POST",
    "acsUrls": [
        "https://example.com"
    ],
    "assertionDuration": 60,
    "sloEndpoint": "https://example.com",
    "assertionSigned": true,
    "idpSigning": {
        "key": {
            "id": "222e2d90-583e-4ed3-8c59-38a97d8b5350"
        },
        "algorithm": "SHA256withRSA"
    }
}
```
