Prepare for Single Sign-On (SSO) > Is SSO Right for You? > Collect Useful SSO Configuration Parameters
  
Collect Useful SSO Configuration Parameters
Collecting the following information before you begin installing and configuring your Experience Service can help streamline the process. Locate and note the following information that you’ll need for your installation:
Information Needed
Description
Experience Service URL
<es-base-url>
The URL used to access your Experience Service.
This should be in the following format:
<es-protocol>://<es-host>:<es-port>
For example, https://es.example.com:8443
If your Experience Service is using the protocol's default port (port 80 for HTTP or port 443 for HTTPS), do not specify the default port for your Experience Service base URL. In some cases, including the default port can cause PingFederate to consider the Vuforia Studio redirect URI invalid.
For example, if the server in the previous example used port 443 instead of port 8443, then the base URL would be:
https://es.example.com
Scope
<es-scope>
* 
If your company does not support creating custom or new scopes, you’ll need to set this parameter to a predefined scope. Typically, you can check your OpenID configuration for supported scopes, or check with your PingFederate administrator.
If nothing is defined, es-scope will be set to: studio-es-<es-host>:<es-port>.
For example:
studio-es-es.example.com:8443
Authorization endpoint URL of your PingFederate authorization server
<as-auth-endpoint>
URL is used to initiate the authorization code flow that is used to authenticate users and obtain delegated authorization. Complete the following steps to obtain the value for this parameter:
1. In a web browser, navigate to the following URL:
<as-base-url>/.well-known/openid-configuration
This displays a JSON file containing OpenID and OAuth configuration information for your PingFederate server.
2. The value of the authorization_endpoint property is the authorization endpoint URL. For example:
https://pingfed.example.com/as/authorization.oauth2
* 
Remove any backslashes ("\") from the URL returned by PingFederate.
Token endpoint URL of your PingFederate authorization server
<as-token-endpoint>
Clients use this endpoint to retrieve access and refresh tokens. Complete the following steps to obtain the value for this parameter:
1. In a web browser, navigate to the following URL:
<as-base-url>/.well-known/openid-configuration
This displays a JSON file containing OpenID and OAuth configuration information for your PingFederate server.
2. The value of the token_endpoint property is the token endpoint URL. For example:
https://pingfed.example.com/as/token.oauth2
* 
Remove any backslashes ("\") from the URL returned by PingFederate.