--- title: Configuring authentication policy description: Create an authentication policy rule to protect chosen services or apps with the authentication portal. component: pingid page_id: pingid:pingid_integrations:pid_configuring_authentication_policy_palo_alto canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_configuring_authentication_policy_palo_alto.html revdate: July 2, 2024 section_ids: steps: Steps result: Result: next-steps: Next steps --- # Configuring authentication policy Create an authentication policy rule to protect chosen services or apps with the authentication portal. ## Steps 1. In the Palo Alto NGFW admin portal, go to **Policies → Authentication**, and then click **Add**. ### Result: The **Authentication Policy Rule** window is displayed. ![A screen capture of the Authentication Policy Rule window on the General tab showing the fields for Name, Description, Tags, Group Rules by Tag, and Audit Comment. There is a hyperlink for Audit Comment Archive..](_images/jbt1567601282654.png) 2. On the **General** tab, enter a name for the rule in the **Name** field. 3. On the **Source** tab, from the **Source Zone** list, select an option. ![A screen capture of the Source tab. There are two source lists shown: Source Zone and Source Address. Each list has a check box option for Any. It is selected for the Source Address list. The Source Zone list shows the option corp-vpn. Each list also has an Add plus sign button. The bottom of the tab has a check box for Negate. The bottom of the window has the OK and Cancel buttons.](_images/bet1567601752659.png) 4. On the **Destination** tab, from the **Destination Zone** list, select an option. ![A screen capture of the Destination tab.There are two destination lists shown: Destination Zone and Destination Address. Each list has a check box option for Any. It is selected for the Destination Address list. The Destination Zone list shows the option trusted. Each list also has an Add plus sign button. The bottom of the tab has a check box for Negate. The bottom of the window has the OK and Cancel buttons.](_images/vdq1567601902475.png) 5. On the **Service** tab, select the services or URL categories to protect. ![A screen capture of the Service/URL Category tab.There are two lists shown: Service and URL Category. The Service list has a drop-down selection list above it and the URL Category list has a check box option for Any, which is selected in this screen capture. The Service list shows the options service-http and service-https. Each list also has an Add plus sign button. The bottom of the window has the OK and Cancel buttons.](_images/prr1567602012082.png) 6. On the **Actions** tab, from the **Authentication Enforcement** list, select the authentication enforcement that you created in the previous section. Click **OK**. ![A screen capture of the Actions tab with the Authentication Enforcement field showing the selected authentication enforcement previously created.](_images/syx1567602113037.png) ## Next steps For further information, see [Authentication Policies](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/authentication-policy.html).