---
title: Creating an authentication policy (Windows passwordless)
description: In the PingOne admin console, open the environment you are using for Windows Login - Passwordless.
component: pingid
page_id: pingid:pingid_integrations:pid_creating_authentication_policy_windows_passwordless
canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_creating_authentication_policy_windows_passwordless.html
revdate: January 29, 2024
section_ids:
  steps: Steps
  result: Result:
---

# Creating an authentication policy (Windows passwordless)

## Steps

1. In the PingOne admin console, open the environment you are using for Windows Login - Passwordless.

2. Create a new attribute to store the SID (Security Identifier):

   1. Go to **Directory** > **User Attributes** and click **+**.

   2. In the **Add Attribute** pane, click **Declared** and then click **Next**

   3. Enter a name for the attribute, such as `sid`. Select the **Enforce unique values** checkbox, and then click **Save**.

3. Add the custom attribute to the relevant users:

   1. Go to **Directory** > **Users** and edit the relevant user profile.

   2. In the **Edit Profile** pane, in the **Custom Attributes** section click **Add**.

   3. In the **New Attribute** field, select the attribute you created in the previous step and enter a value for the attribute. Click **Save**.

4. Create an Authentication Policy:

   1. Go to **Authentication** > **Authentication**.

   2. Click **Add Policy**.

      ### Result:

      The policy definition screen is displayed.

   3. Give the policy a name.

   4. For **Step Type**, select **Windows Login Passwordless**.

   5. In the **Match Attributes** list, select the attribute that you mapped to **ObjectSID**.

      |   |                                                                                                                        |
      | - | ---------------------------------------------------------------------------------------------------------------------- |
      |   | This list includes any attributes that you have specified as unique by selecting the **Enforce Unique Values** option. |

   6. Select the **Offline Mode** option if you want to allow users to sign on when PingOne or PingID are not available.

   7. Click **Save** to save the policy.