---
title: Associating an authentication policy with a web app
description: Depending on the sensitivity of information and processing capabilities of each application, an organization can determine that multi-factor authentication (MFA) requirements for some applications are more stringent than for others.
component: pingone
page_id: pingone:applications:p1_mfa_associating_sign_on_policy_with_web_app
canonical_url: https://docs.pingidentity.com/pingone/applications/p1_mfa_associating_sign_on_policy_with_web_app.html
revdate: September 12, 2024
section_ids:
  associating-your-authentication-policy-with-your-web-app-console: Associating your authentication policy with your web app console
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  example: Example:
  next-steps: Next steps
  associating-your-authentication-policy-with-your-web-app-api-alternative: Associating your authentication policy with your web app API alternative
  about-this-task-2: About this task
  steps-2: Steps
  next-steps-2: Next steps
---

# Associating an authentication policy with a web app

Depending on the sensitivity of information and processing capabilities of each application, an organization can determine that multi-factor authentication (MFA) requirements for some applications are more stringent than for others.

PingOne provides the capability to define multiple MFA sign-on policies. You can configure one application to use a particular sign-on policy and another application to use a different policy.

The authentication flow is configured at the application level through a sign-on policy. If you don't assign a sign-on policy to your web application, it uses the environment's default sign-on policy. You can create multiple sign-on policies and associate them with different OpenID Connect (OIDC) applications.

You can also associate multiple sign-on policies with a single application. Policies are applied in the order in which they appear in the list. PingOne evaluates the first policy in the list first. If the requirements of the policy are not met, PingOne moves to the next policy in the list.

* Console

* API alternative

## Associating your authentication policy with your web app console

### Before you begin

Before associating your authentication policy with a web app, first create the application. Learn more in [Configuring web applications](p1_strong_auth_configuring_web_apps.html).

### About this task

To perform this task through the API instead, see [POST: Create SOP Assignment](https://developer.pingidentity.com/pingone-api/platform/applications/application-sign-on-policy-assignments/create-sop-assignment.html).

### Steps

1. Go to **Applications > Applications**.

2. Locate your web application and click it to open the details panel.

3. Click the **Policies** tab.

4. Click the **Pencil** icon to enter edit mode.

5. In the **PingOne Policies** list, locate the policy you created in the previous step.

   #### Example:

   For example, **MFA-only**.

6. Select the checkbox for the appropriate policy.

7. Click **Save**.

### Next steps

[Create a user](../directory/p1_adduser.html)

## Associating your authentication policy with your web app API alternative

### About this task

Application developers can use the API operations to associate a sign-on policy with an application.

### Steps

* Use the access token generated through the worker app and the following `POST` operation to assign the new authentication policy to an application:

  ```
  POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{appID}}/signOnPolicyAssignments
  ```

  See [POST: Create SOP Assignment](https://developer.pingidentity.com/pingone-api/platform/applications/application-sign-on-policy-assignments/create-sop-assignment.html).
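The following Python code is an added example, not part of the PingOne documentation. It builds one assignment request per policy and uses the policy's position in the list as its `priority`, so the evaluation order described at the top of this page is explicit in the API calls. The `priority` and `signOnPolicy.id` body fields are assumed from the linked API reference; the function names, sample IDs, and token placeholder are constructed for illustration.

```python
import json
import urllib.request
import uuid

API_BASE = "https://api.pingone.com/v1"  # host and version from the POST operation above


def _require_uuid(name, value):
    # Reject unfilled placeholders such as {{envId}} and anything else that is
    # not a canonical UUID, so no unexpected text ends up in the URL path.
    if str(uuid.UUID(value)) != value.lower():
        raise ValueError(f"{name} is not a canonical UUID")


def build_assignment_requests(env_id, app_id, policy_ids, access_token):
    """Build one POST per policy; position in policy_ids becomes its priority."""
    _require_uuid("env_id", env_id)
    _require_uuid("app_id", app_id)
    for policy_id in policy_ids:
        _require_uuid("policy_id", policy_id)
    if len(set(policy_ids)) != len(policy_ids):
        raise ValueError("duplicate policy ID makes the evaluation order ambiguous")
    url = f"{API_BASE}/environments/{env_id}/applications/{app_id}/signOnPolicyAssignments"
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    built = []
    for priority, policy_id in enumerate(policy_ids, start=1):
        # Body fields assumed from the linked Create SOP Assignment reference.
        body = {"priority": priority, "signOnPolicy": {"id": policy_id}}
        built.append(urllib.request.Request(
            url, data=json.dumps(body).encode(), headers=headers, method="POST"))
    return built


def send(built):
    """Send in order; urlopen raises HTTPError on any non-2xx response."""
    created = []
    for req in built:
        with urllib.request.urlopen(req, timeout=10) as resp:
            created.append(json.load(resp))
    return created


if __name__ == "__main__":
    # Constructed IDs and token placeholder: prints the plan, sends nothing.
    env, app = "11111111-1111-4111-8111-111111111111", "22222222-2222-4222-8222-222222222222"
    policies = ["33333333-3333-4333-8333-333333333333",   # evaluated first
                "44444444-4444-4444-8444-444444444444"]   # evaluated if the first is not met
    for req in build_assignment_requests(env, app, policies, "ACCESS_TOKEN_PLACEHOLDER"):
        print(req.get_method(), req.full_url, req.data.decode())
```

Call `send()` on the returned list only after reviewing the printed plan, and supply the worker app's access token from a secret store rather than from source code.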

### Next steps

[Create a user](../directory/p1_adduser.html)
