These steps are designed to help you add to an existing authentication policy. For general information about configuring authentication policies, see Authentication Policies in the PingFederate documentation.

  1. On the PingFederate administrative console, go to the Policies tab.
    • For PingFederate 10.1 or later: go to Authentication > Policies > Policies.
    • For PingFederate 10.0 or earlier: go to Identity Provider > Authentication Policies > Policies.
  2. Select the IdP Authentication Policies check box.
  3. Open an existing authentication policy, or click Add Policy. See Defining authentication policies in the PingFederate documentation.
  4. In the Policy area, from the Select list, select a PingOne Verify IdP Adapter instance.

    Adding the PingOne Verify IdP Adapter to the authentication policy
  5. Map the PingOne user ID or username into the PingOne Verify IdP Adapter instance.

    Passing the user ID from the first-factor authentication adapter to the PingOne Verify IdP Adapter
    1. Under the PingOne Verify IdP Adapter instance, click Options.
    2. On the Options dialog, from the Source list, select a previous authentication source that collects the PingOne user ID or username.
    3. From the Attribute list, select the user ID.
    4. For PingFederate 10.2 and later, select the User ID Authenticated check box.
    5. Click Done.
  6. Optional: Define policy paths based on verification results.
    Tip: Depending on the failure mode settings in your adapter configuration, the adapter can return a "success" result in the authentication policy even when the user verification process did not succeed. It can be useful to create separate policy paths for a successful adapter result and a successful user verification result.

    Screen shot that shows the Rules dialog in the authentication policy with two paths configured based on the transactionStatus attribute.
    1. Under the PingOne Verify IdP Adapter instance, click Rules.
    2. On the Rules dialog, in the Attribute Name list, select policyDecision.
    3. In the Condition list, select equal to.
    4. In the Value field, enter SUCCESS or BYPASS.
      SUCCESS
      The user successfully verified their identity.
      BYPASS
      An error occurred and the verification process was not completed, but the adapter is configured to bypass verification and continue the authentication flow.
    5. In the Result field, enter a name. This appears as a new policy path that branches from the authentication source.
    6. If you want to add more authentication paths, click Add and repeat substeps 1-5.
    7. Click Done.
  7. Configure each of the authentication paths, including Fail, Success, and any paths that you defined in the Rules dialog.

    The complete authentication policy
  8. Click Done.
  9. In the Policies window, click Save.
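
The tip in step 6 is easier to reason about with a small model of how the rules route each outcome. The following Python sketch is an added example, not PingFederate code or its policy export format: the first-match routing model, the `Rule` structure, and the path names `Verified` and `Bypassed` are assumptions made for illustration. It checks whether an unverified user (the `BYPASS` case) can land on a path you treat as verified.

```python
from typing import NamedTuple

# Simplified model of rule routing (an assumption, not PingFederate's API or
# policy export format): the first rule whose attribute equals its value picks
# the path; if none matches, the adapter's own result picks it.
class Rule(NamedTuple):
    attribute: str
    value: str
    path: str

def route(rules, adapter_result, attributes):
    """Return the policy path taken for one adapter outcome."""
    if adapter_result == "Success":
        for rule in rules:
            if attributes.get(rule.attribute) == rule.value:
                return rule.path
    return adapter_result

# Constructed outcomes: (adapter result, adapter attributes, user really verified?)
OUTCOMES = [
    ("Success", {"policyDecision": "SUCCESS"}, True),
    ("Success", {"policyDecision": "BYPASS"}, False),  # fail-open case from the tip
    ("Fail", {}, False),
]

def audit(rules, trusted_paths):
    """List (policyDecision, path) pairs where an unverified user reaches a trusted path."""
    findings = []
    for adapter_result, attrs, verified in OUTCOMES:
        path = route(rules, adapter_result, attrs)
        if not verified and path in trusted_paths:
            findings.append((attrs.get("policyDecision", "none"), path))
    return findings

# Hypothetical path names entered in the Result field of the Rules dialog.
SPLIT_RULES = [
    Rule("policyDecision", "SUCCESS", "Verified"),
    Rule("policyDecision", "BYPASS", "Bypassed"),
]

if __name__ == "__main__":
    print("no rules:   ", audit([], {"Success"}))
    print("split rules:", audit(SPLIT_RULES, {"Verified"}))
```

With no rules, the bypassed user shares the Success path with verified users; with one rule per `policyDecision` value, the bypassed user is isolated on a path you can configure separately in step 7.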