---
title: Configuring the Session Authentication Selector
description: The Session Authentication Selector enables PingFederate to choose a policy path at runtime based on whether the user already has a PingFederate authentication session for a particular source.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_config_sess_auth_selector
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_config_sess_auth_selector.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  steps: Steps
  result: Result
  example: Example
---

# Configuring the Session Authentication Selector

The Session Authentication Selector enables PingFederate to choose a policy path at runtime based on whether the user already has a PingFederate authentication session for a particular source.

## Steps

1. Go to **Authentication > Policies > Selectors** to open the **Selectors** window.

2. On the **Selectors** window, click **Create New Instance** to start the **Create Authentication Selector Instance** workflow.

3. On the **Type** tab, configure the basics of this authentication selector instance.

4. On the **Authentication Selector** window, click **Add a new row to 'Authentication Sources'**.

5. Select an IdP adapter instance or an IdP connection from the list, enter a value under **Result Value** for the selected authentication source, then click **Update**.

   The **Result Value** field controls the label shown for the policy path created by the selected authentication source.

   |   |                                                                                                                                                                                                                                   |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You must enable authentication sessions for the selected authentication source, or globally for all authentication sources, on the**Sessions** window. Click **Manage Sessions** to review and configure authentication sessions. |

6. (Optional) Repeat the previous step to add more authentication sources.

   Display order might matter.

   When you place this selector instance as a checkpoint in an authentication policy, each selector result value forms a policy path. The display order of the resulting policy paths matches the display order here, which may impact the policy outcome. When the policy engine reaches this selector instance, the selector starts from top to bottom. It exits and returns true as soon as it finds a match.

   As needed, use the up and down arrows to re-arrange the display order here, which also re-prioritizes the resulting policy paths.

   In addition, when no session exists for any of the defined sources, the result value for the first authentication source is returned unless the **Enable 'No Session' Result Value** checkbox is selected, in which case an additional policy path is added as the last path when this selector instance is placed as a checkpoint in an authentication policy.

   Click **Edit**, **Update**, or **Cancel** to make or undo a change to an existing entry. Click **Delete** or **Undelete** to remove an existing entry or cancel the removal request.

7. (Optional) Select the **Enable 'No Session' Result Value** checkbox to create a separate policy path for the scenario where no session exists for any of the defined sources.

   This checkbox is not selected by default.

8. Complete the configuration.

   1. On the **Summary** tab, click **Done**.

   2. On the **Selectors** window, click **Save**.

## Result

When you place this selector instance as a checkpoint in an authentication policy, each selector result value forms a policy path that you can define the desired authentication experience and requirements.

## Example

Example

The following screen capture illustrates a configuration where three authentication sources are defined and the **Enable 'No Session' Result Value** checkbox is selected.

![A screen capture illustrating a configuration where two authentication sources are defined and the Enable 'No Session' Result Value checkbox is selected.](_images/ndl1564003297501.png)

When this selector instance (named Intranet sessions) is placed in a policy, four policy paths are formed.

![A screen capture illustrating three policy paths.](_images/pjc1564003298381.png)