Add an authentication requirements rule in PingAccess to limit access to resources or applications protected by PingAccess based on the access control rule (ACR) values returned by the PingFederate request AuthN context authentication selector.
Verify that you have:
- A PingFederate configuration that uses the Requested AuthN Context Authentication Selector
- A configured authentication list
An authentication requirements rule applies authentication requirements when the PingAccess engine makes a policy decision, so that an entire application or individual resources can require a particular authentication type.
This rule also allows for configurations that require more secure authentication methods, such as
To ensure that step-up authentication is triggered, this rule should always be positioned first in a list of rules, rule sets, or rule set groups, regardless of whether the criteria is Any or All.
PingAccess uses rules to trigger different authentication paths in PingFederate. If the authentication requirements rule isn't the first item in a list, then it isn't sent to PingFederate in the initial request.