1. On the Inbound Mapping screen, configure the attribute mappings for registration and profile management.
    At runtime, PingFederate fulfills the value of the pf.local.identity.unique.id built-in local identity field based on this configuration and passes the value to PingDirectory . PingDirectory uses this value to determine whether such identity has already been created. The pf.local.identity.unique.id field value should therefore be mapped from the subject identifier of the preceding authentication source.

    Other local identity fields can also be mapped so that PingFederate can streamline the registration process by pre-populating values on the registration page.


    This configuration overrides the default field values configured within the local identity profile (see Configure a local identity field).

    This screen does not apply and stays hidden if your use case does not involve registration and profile management (see Enabling third-party identity providers without registration).
  2. Optional: On the Attribute Sources & User Lookup screen, click Add Attribute Source to configure datastore queries.
  3. On the Contract Fulfillment screen, fulfill the authentication policy contract associated with the selected local identity profile.
    If the selected closed-ended path contains more than one authentication source, you have access to attributes obtained successfully from the previous authentication sources along the same path.

    For example, select your local identity profile under Source and the desired local identity field under Value.


    If your use case does not involve registration or profile management, the source of fulfillment is limited to the preceding IdP connection or IdP adapter instance, dynamic text, attribute mapping expression (if enabled), and tracked HTTP request parameter (if configured).

  4. Optional: On the Issuance Criteria screen, configure conditions to be validated before issuing an authentication policy contract (see Defining issuance criteria for contract or local identity mapping).
  5. On the Summary screen, review your configuration, modify as needed, and then click Done.
  6. On the Policy screen, continue with the rest of your policy configuration.