By modifying your PingFederate authentication policy to include the risk evaluation ("LOW", "MEDIUM", and "HIGH") from PingOne Protect, you can dynamically change authentication requirements based on security risk level.
These steps are designed to help you add to an existing authentication policy. For general information about configuring authentication policies, see Authentication API in the PingFederate documentation.
For new deployments, you should allow for a training period. To do this, configure your policy to pass traffic through the PingOne Protect IdP Adapter and continue regardless of the risk evaluation result. When you are ready to end the training period, adjust your authentication policy as described here.
When the authentication flow finishes, PingFederate informs PingOne Protect whether the user ultimately succeeded or failed. This is an important consideration when designing your authentication flow.
For example, a user receives a risk evaluation of HIGH, but ultimately completes the PingFederate authentication policy successfully. Based on that success, PingOne Protect now considers the user authentic and lowers the risk evaluation to MEDIUM or LOW on the next attempt.