The integrated Username Token Processor accepts and validates username security tokens.

  • On the Instance Configuration screen, configure the basics of this token processor instance.
    1. If you have not yet defined the desired Password Credential Validator instance, click Manage Password Credential Validators to do so.
    2. Click Add a new row to 'Credential Validators' to select a credential-authentication mechanism instance for this adapter instance.
    3. Select a Password Credential Validator instance from the list and click Update.
      Add as many validators as necessary. Use the up and down arrows to adjust the order in which you want PingFederate to attempt credential authentication. If the first mechanism fails to validate the credentials, PingFederate moves sequentially through the list until credential validation succeeds. If none of the Password Credential Validator instances is able to authenticate the user's credentials, and the challenge retries maximum has been reached, the process fails.

      If usernames overlap across multiple Password Credential Validator instances, this failover setup could lockout those accounts in their source locations.

    4. Enter a value in the Authentication Attempts field.

      When the number of login failures reaches this threshold, the user is locked out for a period time.

      The default value is 3.