The Connection Set Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on a match found between the target SP connection used in an SSO request and SP connections configured within PingFederate. This selector allows you to override connection authentication selection on an individual connection basis in one or more authentication policies.

  1. Click Identity Provider > Selectors to open the Manage Authentication Selector Instances screen.
  2. On the Manage Authentication Selector Instances screen, click Create New Instance to start the Create Authentication Selector Instance configuration wizard.
  3. On the Type screen, configure the basics of this authentication selector instance.
  4. On the Authentication Selector screen, click Add a new row to 'Connections', select an SP connection from the list, and click Update.
  5. Optional: Repeat the previous step to add more connections.

    Display order does not matter.

    Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Use the Delete and Undelete workflow to remove an existing entry or cancel the removal request.

  6. To complete the configuration:
    1. Click Done on the Summary screen.
    2. Click Save on the Manage Authentication Selector Instances screen.

policy paths: When you place this selector instance as a checkpoint in an authentication policy, it forms two Yes and No. If the invoking SP connection matches one of the connections from the set, the selector returns true. The policy engine regains control of the request and proceeds with the policy path configured for the result value of Yes. If the invoking SP connection matches none of the connections from the set, the selector returns false. The policy engine regains control of the request and proceeds with the policy path configured for the result value of No.