These steps are designed to help you add to an existing authentication policy. For general information about configuring authentication policies, see Authentication API in the PingFederate documentation.

  1. On the PingFederate administrative console, go to the Policies tab.
    • For PingFederate 10.1 or later: go to Authentication > Policies > Policies.
    • For PingFederate 10.0 or earlier: go to Identity Provider > Authentication Policies > Policies.
  2. Select the IdP Authentication Policies check box.
  3. Open an existing authentication policy, or click Add Policy.

    For help, see Defining authentication policies in the PingFederate documentation.

  4. In the Policy area, from the Select list, select the X.509 Certificate Adapter instance that you created in Create an X.509 Certificate Adapter instance.
  5. In the X.509 Fail section, configure the failure result.
  6. In the X.509 Success section, select the Workspace ONE IdP Adapter instance that you created in Configuring a Workspace ONE IdP Adapter instance. Click Options.
  7. On the Incoming User ID dialog, in the Source list, select the X.509 Certificate Adapter instance.
  8. In the Attribute list, select the attribute that you added to the extended contract of the X.509 Certificate Adapter instance. Click Done.
  9. In the Workspace ONE IdP Adapter Fail section, configure the failure result.
  10. In the Workspace ONE IdP Adapter Success section, select the policy contract that you created in Create a policy contract.
  11. Click Contract Mapping.
  12. On the Contract Fulfillment tab, in the Source list, select the X.509 Certificate Adapter instance.
  13. In the Value list, select the attribute that contains the Workspace ONE device ID.
  14. Click Done. In the Policies window, click Save.