PingID Administration Guide

Creating an authentication policy (Windows passwordless)

Steps

  1. In the PingOne admin console, open the environment you are using for Windows Login - Passwordless.

  2. Create a new attribute to store the SID (Security Identifier):

    1. Go to Directory > User Attributes and click +.

    2. In the Add Attribute pane, click Declared and then click Next

    3. Enter a name for the attribute, such as sid. Select the Enforce unique values checkbox, and then click Save.

  3. Add the custom attribute to the relevant users:

    1. Go to Directory > Users and edit the relevant user profile.

    2. In the Edit Profile pane, in the Custom Attributes section click Add.

    3. In the New Attribute field, select the attribute you created in the previous step and enter a value for the attribute. Click Save.

  4. Create an Authentication Policy:

    1. Go to Authentication > Authentication.

    2. Click Add Policy.

      Result:

      The policy definition screen is displayed.

    3. Give the policy a name.

    4. For Step Type, select Windows Login Passwordless.

    5. In the Match Attributes list, select the attribute that you mapped to ObjectSID.

      This list includes any attributes that you have specified as unique by selecting the Enforce Unique Values option.

    6. Select the Offline Mode option if you want to allow users to sign on when PingOne or PingID are not available.

    7. Click Save to save the policy.