1. Click Access and then go to Authentication > Authentication Challenge Policies.
  2. Click + Add Authentication Challenge Policy.
  3. In the Name field, enter a unique name for the authentication challenge policy.
  4. Optional: In the Description field, enter a description for the authentication challenge policy.
  5. Optional: From the Challenge Response Mapping list, select a mapping type.
    1. If you selected Content Negotiation, in the Media Types list, select one or more media types.

      If the Accept header field in the request matches any of the specified media types, the mapping is applied.

    2. If you selected Header Fields, click + Add Row to add one or more rows, and then in the Name and Value Pattern fields, enter a name and value pattern and for each row.

      If all of the specified header fields in the request match the specified value patterns, the mapping is applied.

  6. Configure a challenge response generator for the challenge response mapping.
    1. From the Challenge Response Generator list, select a challenge response generator.
    2. If you selected Redirect Challenge, enter a Redirect URL and select a Response Code for the redirect.
    3. If you selected Templated Challenge, select a Response Code and Media Type for the template, then enter the template in the Template field.
    4. From the Challenge Response Filter list, select a challenge response filter.
      • If you selected Append Header Fields, click + Add Row, then enter a Name and Value in each row.

      The specified HTTP response header fields are appended to the authentication challenge response.

  7. Optional: To add additional challenge response mappings, click + Add Challenge Response Mapping, then repeat steps 5 through 6.
  8. In the Default Challenge Response section, select a default challenge response.

    This challenge response is used if no other challenge responses apply.

    1. From the Challenge Response Generator list, select a challenge response generator.
    2. If you selected Redirect Challenge, enter a Redirect URL and select a Response Code for the redirect.
    3. If you selected Templated Challenge, select a Response Code and Media Type for the template, then enter the template in the Template field.
    4. From the Challenge Response Filter list, select a challenge response filter.
      • If you selected Append Header Fields, click + Add Row, then enter a Name and Value in each row.

      The specified HTTP response header fields are appended to the authentication challenge response.

  9. Click Save.