---
title: Build a custom sign-on policy
description: Learn how to build a custom sign-on policy that uses multi-factor authentication.
component: pingone
page_id: pingone:pingone_tutorials:p1_p1tutorial_build_custom_policy
canonical_url: https://docs.pingidentity.com/pingone/pingone_tutorials/p1_p1tutorial_build_custom_policy.html
revdate: November 13, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Build a custom sign-on policy

Learn how to build a custom sign-on policy that uses multi-factor authentication (MFA).

## About this task

This tutorial walks you through the creation of an MFA sign-on policy that you can apply to an application to secure access.

## Steps

1. In the PingOne admin console, go to **Authentication > Authentication**.

2. Click **[icon: plus, set=fa]Add Policy**.

   ![A screen capture showing the Authentication Policies page.](_images/mtl1699303551918.png)

3. Enter a **Policy Name**.

4. Select a **Step Type** of **Identifier First**.

5. Click **Add Step**.

6. Select a **Step Type** of **Multi-factor Authentication**.

7. For **MFA Policy**, select **Default MFA Policy**.

8. (Optional) Specify **Required When** criteria for the policy.

   For example, you can specify that the policy is required when users are members of a particular population.

   ![A screen capture showing the authentication policy page](_images/xni1699303847012.png)

9. To test the policy, assign it to an application on the application's **Policy** tab and access the application.

   ![A screen capture showing the Edit policies page](_images/kxn1676309960100.png)