---
title: Creating advanced registration mapping
description: PingFederate leverages the HTML Form Adapter to deliver a secure and easy-to-use customer authentication, registration, and profile management solution. The HTML Form Adapter contract includes two core attributes.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_creat_advanced_registra_mapp
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_creat_advanced_registra_mapp.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 12, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result
  related-links: Related links
---

# Creating advanced registration mapping

PingFederate leverages the HTML Form Adapter to deliver a secure and easy-to-use customer authentication, registration, and profile management solution. The HTML Form Adapter contract includes two core attributes.

## About this task

Using the administrative console, create advanced registration mapping by defining authentication policies in your adapter instances.

To illustrate the configuration steps, consider the following setup that you have already made with the parameters `username` and `policy.action`. Whether or not the local identity profile is configured with any authentication sources, if the user chooses to register directly by clicking on the **Register now** link, PingFederate sets the value to `identity.registration`. This fulfillment allows you to create rules to differentiate authentication requirements from the registration flow.

* A PingDirectory installation with a set of users.

* An LDAP datastore, an LDAP Username Password Credential Validator instance, and an HTML Form Adapter instance on PingFederate to validate credentials stored in PingDirectory.

* An IdP authentication policy that chains the HTML Form Adapter instance, an PingID Adapter instance, and an authentication policy contract for the purpose of enforcing PingID multi-factor authentication in multiple browser-based single sign-on (SSO) use cases through service provider (SP) connections, OAuth authorization code flow, and OAuth implicit flow. The following window capture illustrates your existing policy.

  ![A screen capture of the Manage Authentication Policy window that displays existing authentication policies](_images/ezq1564003468791.jpg)

To illustrate the configuration steps, consider the following setup that you have. You need to add support for a consumer registration use case similar to the one in [Setting up self-service registration](pf_setting_up_self_service_registra.html), and, at the same time, keep the policy that enforces the multi-factor authentication requirement.

Configuration steps.

## Steps

1. Set up PingDirectory for customer identities.

2. Make a note of which authentication policy contract is currently being used in your policy.

3. Create a local identity profile.

   1. G to **Authentication > Policies > Local Identity Profiles** configuration wizard.

   2. On the **Profile Info** tab, in the **Local Identity Profile Name** field, enter a name of the local identity profile, and from the **Authentication Policy Contract** list, select the authentication policy from step [step 2](#step_m5n_jk5_wcb). Select the **Enable Registration** checkbox.

      If you want to enable profile management as well, select the relevant checkbox.

4. Configure the HTML Form Adapter instance for customer identities.

   1. Go to **Authentication > Integration > IdP Adapters**.

   2. From the **Instance Name** section, select the **HTMLFormAdapter**.

5. Modify your existing IdP authentication policy.

   1. Go to **Authentication > Policies > Policies**.

   2. On the **Policies** tab, under the **Policy** section, click the relevant policy to open the **Policy** window.

   3. Under the **Success** path of the HTML Form Adapter instance, click **Rules**.

   4. In the **Rules** dialog, create a policy path for users who choose to register. For this sample use case, configure as follows.

      **Defining authentication policy rules attributes field and values**

      | Attribute Name | Condition | Value                 | Result                                                                                                                                                           |
      | -------------- | --------- | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      | policy.action  | equal to  | identity.registration | RegistrationComplete the rest of the configuration to create the local identity. The **Result** field controls the label shown for the policy path of this rule. |

      In addition, ensure the **Default to Success** checkbox is selected. When selected, the **Success** path remains, which is important for this sample use case where users are redirected to the PingID Adapter instance to fulfill the multi-factor authentication requirement after authenticating successfully against the HTML Form Adapter.

      When finished, click **Done**, which brings you back to the **Manage Authentication Policies** window.

   5. For the **Registration** path, select the local identity profile from step [step 3](#step_opc_c45_wcb) under **Action** and then complete its **Local Identity Mapping**configuration.

      The following screen capture illustrates your new policy.

      ![A screen capture of configuring authentication sources and successful paths to policy contracts to reuse mapping configuration.](_images/ten1564003470435.jpg)

   6. If you have enabled profile management in step [step 3](#step_opc_c45_wcb), you must also replace the policy contract with the local identity profile and then complete its **Local Identity Mapping** configuration.

      This step is required so that PingFederate can route users through the **HTML Form > PingID** policy path when they try to access the profile management page.

      The following screen capture illustrates this change.

      ![A screen capture of configuring an authentication policy to enable to route users through the HTML Form Adapter to PingID](_images/asq1564003471292.jpg)

      |   |                                                                                                                                          |
      | - | ---------------------------------------------------------------------------------------------------------------------------------------- |
      |   | No reconfiguration is required in your Browser SSO connections and OAuth grant-mapping configuration for your new policy to take effect. |

   7. Click **Save** to keep your changes.

## Result

You have now successfully added the requested consumer registration and profile management use case to your current policy.

## Related links

* [Setting up PingDirectory for customer identities](pf_setting_up_pd_for_customer_identit.html)

* [Managing local identity profiles](pf_managing_local_identity_profiles.html)

* [Applying policy contracts or identity profiles to authentication policies](pf_apply_policy_contract_or_ident_profile_to_auth_policies.html)