1. Sign on to the admin console.
  2. Go to Setup > PingID > Configuration.
  3. In the Evaluation section, select one of the following expiration policies:
    • To allow users to sign on to any service using only their first-factor authentication, click Allow Single Sign-On Without PingID. This is the default selection.
    • To enforce signing on with PingID when the evaluation period ends, click Decline Single Sign-On Attempts Using PingID.

    The selected expiration policy will only apply after the evaluation period expires.

    A screen capture of the Evaluation section in the Configuration tab.
  4. Click Save.