Create a web authentication policy and apply it to one or more applications, one or more user groups, or both.
Configure various policies that are tailor made for your system. For example, you can configure a policy for your HR group that applies to several sensitive HR-related apps only. You could create three different policies for a high security app, giving different authentication policies to the Management group, the General User group, and the Contractor group.
If an app or group is included in more than one policy, only the first policy in which it is listed will be applied. If no policy exists for a specific application when a user signs on and attempts to access that application, the global policy (default policy) is applied.
If you are interested in using the PingID API to create and update web authentication policies, see Web Authentication Policy API.
The following apps appear in the Policy Apps list by default:
- AD FS: Enables you to apply an authentication policy to users when Microsoft AD FS is the identity provider (IdP). For more information, see Integrate PingID with AD FS.
- Admin Portal: Enables you to apply an authentication policy to admins when accessing the admin portal.
- Azure AD: Enables you to apply an authentication policy to users when Microsoft Azure AD is the IdP. For more information, see Integrate PingID with Azure AD.
- Device Management: Enables you to apply an authentication policy to users when they authenticate to PingID's out of the box Devices page. The Devices page is used to add, remove, or change the devices a user has associated with their account. For more information, see Managing your devices.
- Password Reset: Enables you to apply an authentication policy to users requesting a password reset using the self-service password reset service from PingFederate. This service is accessed through the password reset link that appears on the sign on page when PingFederate is the IdP. For more information, see Configure self-service password reset.
The default policy is a global policy that defines the rules that will be applied to any application in your organization where an application-specific policy is not defined. For more information, see Configure a global authentication policy.
To ensure the policy is applied to your organization, go to Enforce Policy is set to Enabled.
and ensure