In general, for identity provider (IdP) browser single sign-on (SSO) use cases, if you select authentication policy contracts in your authentication policies then you must map the authentication policy contracts to the applicable SP connections.

  1. Go to Applications > Integration > SP Connections.
  2. Select the applicable SP connection from the list of connections.
  3. On the Activation & Summary tab, click Authentication Source Mapping.
  4. Click Map New Authentication Policy and use the in-product help on each screen as needed to map the authentication policy contract into the SP connection.

Similarly, to reuse an authentication policy for browser-based OAuth authorization code and implicit flows, map the authentication policy contract to the applicable browser SSO connections and OAuth grant-mapping configuration. For more information, see Managing authentication policy contract grant mapping.