By modifying your PingFederate authentication policy to include the PingOne Verify IdP Adapter, you can challenge users to verify their identity as part of the authentication process.
Use these steps to add the adapter to an existing authentication policy. For general information about configuring authentication policies, see Authentication Policies in the PingFederate documentation.
- In the PingFederate administrative console, go to the Policies tab.
  - For PingFederate 10.1 or later: go to Authentication > Policies > Policies.
  - For PingFederate 10.0 or earlier: go to Identity Provider > Authentication Policies > Policies.
- Select the IdP Authentication Policies check box.
- Open an existing authentication policy, or click Add Policy.
  For more information, see Defining authentication policies in the PingFederate documentation.
- In the Policy section, in the Select list, select a PingOne Verify IdP Adapter instance.
- Map the PingOne user ID or username into the PingOne Verify IdP Adapter instance.
  a. Under the PingOne Verify IdP Adapter instance, click Options.
  b. On the Options window, in the Source list, select a previous authentication source that collects the PingOne user ID or username.
  c. In the Attribute list, select the user ID.
  d. For PingFederate 10.2 and later, select the User ID Authenticated check box.
  e. Click Done.
- Optional: Define policy paths based on verification results.
  Tip: Depending on the failure mode settings in your adapter configuration, the adapter can potentially return a success result in the authentication policy even when the user verification process did not succeed. It can be useful to create separate policy paths for a successful adapter result and a successful user verification result.
  a. Under the PingOne Verify IdP Adapter instance, click Rules.
  b. On the Rules window, in the Attribute Name list, select transactionStatus.
  c. In the Condition list, select equal to.
  d. In the Value field, enter SUCCESS or BYPASS.
     - SUCCESS: The user successfully verified their identity.
     - BYPASS: An error occurred and the verification process was not completed, but the adapter is configured to bypass verification and continue the authentication flow.
  e. In the Result field, enter a name.
     This appears as a new policy path that branches from the authentication source.
  f. To add more authentication paths, click Add and repeat steps a-e.
  g. Click Done.
- Configure each of the authentication paths, including Fail, Success, and any paths that you defined in the Rules window.
- Click Done.
- In the Policies window, click Save.
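
The Tip in the optional step can be checked mechanically. The following added example (not part of the original documentation and not PingFederate code) models one adapter node as a constructed Python dict, which is not the PingFederate export schema, and flags policies where a bypassed verification ends at the same outcome as a successful one. The rule-ordering behavior, the path names other than Success and Fail, and the outcome labels (issue_session, step_up, deny) are assumptions.

```python
# Added illustration. The dict layout is constructed for this example and is
# NOT the PingFederate export or admin API schema.

def route(node, adapter_result, transaction_status):
    """Return the name of the policy path taken for one adapter outcome.

    Assumption: rules are checked in order, and an adapter success with no
    matching rule follows the default Success path.
    """
    if adapter_result != "Success":
        return "Fail"
    for rule in node["rules"]:
        if rule["attribute"] == "transactionStatus" and rule["value"] == transaction_status:
            return rule["result"]
    return "Success"


def audit(node):
    """List non-verified outcomes that end at the same outcome as SUCCESS."""
    verified = node["paths"][route(node, "Success", "SUCCESS")]
    findings = []
    # "<unmatched>" stands for any status that no rule names.
    for status in ("BYPASS", "<unmatched>"):
        path = route(node, "Success", status)
        if node["paths"][path] == verified:
            findings.append(f"{status} reaches '{verified}' via path {path}")
    return findings


# Constructed sample: no rules, so every adapter success is treated alike.
WEAK = {"rules": [], "paths": {"Success": "issue_session", "Fail": "deny"}}

# Constructed sample: separate paths per transactionStatus value.
HARDENED = {
    "rules": [
        {"attribute": "transactionStatus", "value": "SUCCESS", "result": "Verified"},
        {"attribute": "transactionStatus", "value": "BYPASS", "result": "Bypassed"},
    ],
    "paths": {"Verified": "issue_session", "Bypassed": "step_up",
              "Success": "deny", "Fail": "deny"},
}

if __name__ == "__main__":
    for name, node in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(node) or "no findings")
```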