By modifying your PingFederate authentication policy to include the risk evaluation from PingOne Risk, you can dynamically change authentication requirements based on security risk level.
The steps in this topic assume that an HTML Form Adapter exists for login purposes. For more information on creating an HTML Form Adapter for login, see Configuring an HTML Form Adapter instance.
These steps are designed to help you add to an existing authentication policy. For general information about configuring authentication policies, see Authentication API in the PingFederate documentation.
When the authentication flow finishes, PingFederate informs PingOne Risk whether the user ultimately succeeded or failed. This is an important consideration when designing your authentication flow.
For example, a user receives a risk evaluation of
HIGH
, but ultimately completes the PingFederate
authentication policy successfully. Based on that success, PingOne Risk now considers the user authenticated and lowers
the risk evaluation to MEDIUM
or
LOW
on the next attempt.