To enable passwordless authentication in a PingFederate authentication policy:
- Optional:
Create a policy contract:
- Go to .
- Click Create New Contract.
- Give the policy contract an appropriate name for the storage of attribute data. Click Next.
-
Specify any additional attributes if required outside of the
subject
attribute to be reused later within OAuth-OpenID Connect (OIDC) or SAML-WS-Federation processing. Click Next. - On the Summary page, click Save.
-
Create a local identity profile (LIP):
- Go to .
- Click Create New Profile.
- On the Profile Info tab, in the Local Identity Profile Name field, enter an appropriate name for the passwordless authentication processing.
- In the Authentication Policy Contract list, select an appropriate policy contract. If you created a new one, specify the policy contract from step 1. Click Next.
- For Authentication Sources, select Security Key and click Add. Click Next.
- On the Summary page, click Save.
-
Add the LIP to an available HTML Form IdP Adapter:
- Go to HTML Form IdP Adapter to use within PingFederate’s authentication policy that will contain a Passwordless Security Key option. and select an available
- Click IdP Adapter.
- Scroll down to the Local Identity Profile section, and in the list, select the LIP that you created in step 2.
- Click Save.
-
Create an authentication policy: