Adding Duo Security to your authentication policy
By modifying your PingFederate authentication policy to include the Duo Security IdP Adapter, you can challenge users to complete a multi-factor authentication (MFA) step.
About this task
These steps are designed to help you add to an existing authentication policy. For general information about configuring authentication policies, see Authentication Policies in the PingFederate documentation.
Steps
-
In the PingFederate administrative console, go to the Policies tab. For PingFederate 10.1 or later: go to Authentication → Policies → Policies.For PingFederate 10.0 or earlier: go to Identity Provider → Authentication Policies → Policies.
-
Select the IdP Authentication Policies check box.
-
Open an existing authentication policy, or click Add Policy. See Defining authentication policies in the PingFederate documentation.
-
In the Policy area, from the Select list, select a Duo Security IdP Adapter instance.
-
Map the Duo Security user ID or username into the Duo Security IdP Adapter instance.
-
Under the Duo Security IdP Adapter instance, click Options.
-
On the Options dialog, from the Source list, select a previous authentication source that collects the Duo Security user ID or username.
-
From the Attribute list, select the user ID. Click Done.
-
-
Configure each of the authentication paths.
-
Click Done.
-
In the Policies window, click Save.