--- title: Defining a request policy description: You can define the basics of your client-initiated backchannel authentication (CIBA) request policy in the PingFederate administrative console. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_cibapolicymanagementtasklet_cibapolicymanagementstate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_cibapolicymanagementtasklet_cibapolicymanagementstate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: steps: Steps related-links: Related links --- # Defining a request policy You can define the basics of your client-initiated backchannel authentication (CIBA) request policy in the PingFederate administrative console. ## Steps 1. Go to **Applications > OAuth > CIBA Request Policies**. 2. On the **Manage Policy** tab, define the basics of your CIBA request policy. For more information about each field, refer to the following table. | Field | Description | | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Policy ID(Required) | The unique identifier of this request policy. | | Name(Required) | The name of this request policy. | | Authenticator(Required) | The CIBA authenticator instance associated with this request policy. | | User Code PCV | The Password Credential Validator (PCV) instance that PingFederate uses to validate the `user_code` parameter values it receives from clients associated with this request policy.+ If a client is associated with a request policy that has been configured with a PCV instance, it can support user code in its configuration. A client supporting user code must not be associated with a request policy that is not configured with a PCV instance. For more information on CIBA client configuration, see Configuring OAuth clients. | | Transaction Lifetime (Seconds) | The validity, in seconds, of authentication requests PingFederate receives from clients associated with this request policy since the generation of their authentication request acknowledgments.The default value is `120`.Clients can request a shorter lifetime by including the `requested_expiry` request parameter in their authentication requests. | | Allow Unsigned Login Hint Token | Controls whether clients associated with this request policy can use unsigned JSON web tokens (JWT) as values of the `login_hint_token` request parameter in their authentication requests.This checkbox is not selected by default. | | Require Token for Identity Hint | Controls whether clients associated with this request policy must use either the `id_token_hint` or `login_hint_token` as the identity hint in their authentication requests.This checkbox is not selected by default.When selected, clients associated with this request policy cannot use `login_hint` as the identity hint in their authentication requests. | | Alternative Login Hint Token Issuers | Alternative issuers that clients associated with this request policy can use in their signed login hint tokens. Furthermore, each additional issuer requires either the JWKS url or the actual JWKS so that PingFederate can verify the authenticity of the signed login hint tokens. | 3. Click **Next**. ## Related links * [Client-initiated backchannel authentication endpoint](../developers_reference_guide/pf_ciba_endpoint.html)