1. On the PingFederate administrator console, go to Authentication > Policies > Fragments.
  2. Click Add Fragment.
  3. In the Name field, enter a name, such as PingOne Verify Fragment.
  4. From the Inputs list, select your input policy contract, such as PingOneVerifyInput.
  5. From the Outputs list, select your input policy contract, such as PingOneVerifyOutput.
  6. In the Policy area, select a PingOne Verify IdP Adapter instance.
    1. Under the PingOne Verify IdP Adapter instance, click Options.
    2. On the Options dialog, from the Source list, select Inputs.
    3. From the Attribute list, select the attribute that contains the user identifier, such as username.
    4. Select the User ID Authenticated check box.
    5. Click Done.
  7. For the Fail path, select Done.
  8. For the Success path, select your output policy contract, such as PingOneVerifyOutput.
  9. Configure the policy contract to include attributes from the input as well as from the PingOne Verify IdP Adapter.
    1. Under the output policy contract, click Contract Mapping.
    2. On the Contract Fulfillment tab, map the output attributes to allow the policy fragment to provide information, such as the transaction status and user identifier, to the authentication policy.
      Source Value
      Inputs email
      Inputs username
      Adapter (PingOne Verify IdP Adapter instance) transactionStatus
      Adapter (PingOne Verify IdP Adapter instance) subject
    3. Click Done.
  10. Click Save.