---
title: SP authentication policies
description: Service provider (SP) authentication policies provide a means for you to impose authentication requirements on SP-initiated browser single sign-on (SSO) requests received at the /sp/startSSO.ping endpoint.
component: pingfederate
version: 13.0
page_id: pingfederate:administrators_reference_guide:pf_sp_auth_policies
canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_sp_auth_policies.html
revdate: July 5, 2022
---

# SP authentication policies

Service provider (SP) authentication policies provide a means for you to impose authentication requirements on SP-initiated browser single sign-on (SSO) requests received at the `/sp/startSSO.ping` endpoint.

When you enable this optional feature, you create policies that the PingFederate SP server can use to find the applicable SP adapter instance to access target applications. For this reason, you must configure the target applications to provide the `SpSessionAuthnAdapterId` parameter or the `TargetResource` parameter, or both, in their SP-initiated SSO requests.

If you prefer to provide the `TargetResource` parameter without the `SpSessionAuthnAdapterId` parameter, you must go to **Applications > Integration > Target URL Mapping** and configure entries to map the `TargetResource` values to the applicable SP adapter instances.

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|   | SP authentication policies only apply to SP-initiated browser SSO requests received at the [developers\_reference\_guide:pf\_sp\_services.adoc#spStartSsoPing](../developers_reference_guide/pf_sp_services.html#spStartSsoPing) SP application endpoint. They do not apply to unsolicited SSO requests received at the SP protocol endpoints.In addition, enabling SP authentication policies does not enable authentication policies for identity provider (IdP) browser SSO requests, adapter-to-adapter requests, and browser-based OAuth authorization code and implicit flows. |

For more information and configuration steps, see the subsequent sample use cases.