An authentication policy enables you to use PingID to provide a secondary level of authentication (multi-factor authentication) to the single sign-on (SSO) process for your users, or for some subset of your users.
By default, the policy is applied to all users and all applications, but you can filter the policy by user group, IP address, and application.
The authentication policy is applied to any new SSO sessions for SAML or OpenID Connect applications. Applications that have been added to PingOne that use Basic SSO or an SSO URL cannot be included in the authentication context for the policy.
Once enabled, your PingOne authentication policy works in conjunction with any PingID policies you have configured. For more information, see PingID policy overview.
You can now configure PingID policies to further refine your secondary level of authentication. For more information, see Configure web authentication policy.
If you want to apply the authentication policy to the admin portal, see SSO to the PingOne for Enterprise admin portal with multi-factor authentication.
If you're using the PingFederate identity bridge, see also SSO to the PingOne for Enterprise admin portal from PingFederate Bridge.