Authentication policy
You can define policies per application or per group of applications for any application defined in PingFederate. You can also apply a policy to one or more user groups.
Define your PingID authentication policy in the PingID → POLICY tab, according to your unique security needs.
You can define a policy for high security applications and a separate policy for low security applications. You can apply a separate policy to your HR user group, IT user group, or Finance group.
Allowed authentication methods:
-
Define or limit the authentication methods that can be used per policy. For more information, see Policy and rule authentication methods. For example, define stronger authentication methods, such as fingerprint authentication, for high security apps and a wider range of allowed authentication methods for less sensitive apps.
Different subsets of rules can be configured, depending on whether the protected application is accessed through the web or a VPN or SSH.
The VPN and SSH policy can be applied globally by configuring one or more rules in the default policy. For more information, see VPN and SSH policy.
The web authentication policy can be applied either:
-
Globally using the default policy: The global (default) policy is only applied if no other web policy is defined or if no other web policy is applied during the authentication session. For more information, see Globally using the default policy.
-
Per application or group: for PingFederate applications, you can apply a policy to one or more applications or to one or more user groups or both. If more than one policy exists for an application or user group, the policies are applied in the order that they appear in the POLICY list, as outlined in the policy rules. For more information, see Per application or group.
For more information, see Web authentication policy.