---
title: Configuring an authentication policy
description: To use PingID as an authentication solution for Windows login with PingFederate, create an authentication policy contract and an authentication policy in PingFederate.
component: pingid
page_id: pingid:pingid_integrations:lbp1594048132462
canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/lbp1594048132462.html
revdate: January 30, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
---

# Configuring an authentication policy

To use PingID as an authentication solution for Windows login with PingFederate, create an authentication policy contract and an authentication policy in PingFederate.

## About this task

## Steps

1. In PingFederate, create an authentication policy contract:

   For more information, see [Policy Contracts](https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93\&topicId=aat1564002989773.html).

   1. Go to Policy Contracts:

      * PingFederate 10.1 or later: Go to **Authentication → Policies → Policy Contracts**.

      * PingFederate 10 or earlier: On the **Identity Provider** tab, in the **Authentication Policies** section, click **Policy Contracts**.

   2. Click **Create New Contract**.

   3. In the **Contract Name** field, enter a meaningful name for the Windows login policy contract, and click **Next**.

   4. In the **Contract Attributes** tab, for each attribute you want to add, in the **Extend the Contract** area, type the name of the attribute and then click **Add**. The **subject** and **winlogin.auth.response** attributes must be included.

   5. Click **Next**, and then click **Save**.

2. Create a PingFederate authentication policy for Windows login authentication:

   For more information, see [Policies](http://docs.pingidentity.com/pingfederate/12.3/administrators_reference_guide/qmq1564002987890.html).

   1. Go to Authentication Policies:

      * PingFederate 10.1 or later: Go to **Authentication → Policies**.

      * PingFederate 10 or earlier: On the **Identity Provider** tab, in the **Authentication Policies** section, click **Policies**.

   2. In the **Policies** tab:

   3. Ensure the **IdP Authentication Policies** check box is selected, and then click **Add Policy**.

   4. In the **Name** field, enter a meaningful name for the Windows login authentication policy.

   5. From the **Policy** list, select **IdP Adapters** and then select the [PingID Adapter instance for Windows](pid_configuring_adapter_instance_windows_login.html) that you created earlier. A branch is added to the PingFederate policy tree, and **Fail** and **Success** fields are added.

   6. In the **FAIL** field, click **Done**.

   7. In the **Success** field, select **Policy Contract** and then select the policy contract you created earlier.

   8. Under the PingID Adapter **Success** field, click **Contract Mapping**, and then click **Next**.

   9. In the **Contract Fulfillment** tab:

      1. In the Adapter Contract **subject** row, in the **Source** field, select the PingID Adapter you created for Windows login, and in the **Value** field, select **subject**.

      2. In the **winlogin.auth.response** row, in the **Source** field, select the PingID Adapter you created for Windows login, and in the **Value** field, select **winlogin.auth.response**.

      3. Click **Next**, and in the **Issuance Criteria** tab, click **Next**.

      4. In the **Summary** tab, click **Done**.

   10. In the **Policy** window, click **Done**.

       ### Result:

       The PingFederate authentication policy is saved.
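
One way to check the outcome of the steps above against an exported copy of the configuration, as an added example that is not part of the original page or Ping Identity's own tooling. The JSON field names (`coreAttributes`, `extendedAttributes`, `attributeContractFulfillment`, `source`, `value`), the adapter ID `PingIDWinLogin`, and the sample data are assumptions constructed for illustration; adjust them to what your PingFederate version exports.

```python
# Attributes the procedure above says the contract must include.
REQUIRED = ("subject", "winlogin.auth.response")

# Constructed sample data; field names and the adapter ID are assumptions.
CONTRACT = {
    "name": "Windows Login Contract",
    "coreAttributes": [{"name": "subject"}],
    "extendedAttributes": [{"name": "winlogin.auth.response"}],
}
MAPPING = {
    "attributeContractFulfillment": {
        "subject": {"source": {"type": "ADAPTER", "id": "PingIDWinLogin"},
                    "value": "subject"},
        "winlogin.auth.response": {
            "source": {"type": "ADAPTER", "id": "PingIDWinLogin"},
            "value": "winlogin.auth.response"},
    }
}


def contract_attributes(contract):
    """Return every attribute name declared on the policy contract."""
    rows = contract.get("coreAttributes", []) + contract.get("extendedAttributes", [])
    return {row["name"] for row in rows}


def check_policy(contract, mapping, adapter_id):
    """List deviations from the procedure; an empty list means it matches."""
    problems = []
    declared = contract_attributes(contract)
    fulfillment = mapping.get("attributeContractFulfillment", {})
    for name in REQUIRED:
        if name not in declared:
            problems.append(f"contract is missing attribute {name}")
        row = fulfillment.get(name)
        if row is None:
            problems.append(f"{name} has no contract fulfillment row")
            continue
        source = row.get("source", {})
        if source.get("type") != "ADAPTER" or source.get("id") != adapter_id:
            problems.append(f"{name} is not sourced from adapter {adapter_id}")
        elif row.get("value") != name:
            problems.append(f"{name} is mapped to {row.get('value')}, expected {name}")
    return problems


if __name__ == "__main__":
    for line in check_policy(CONTRACT, MAPPING, "PingIDWinLogin") or ["OK"]:
        print(line)
```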
