Build and deploy a simple example of a custom authentication policy in PingFederate when there are multiple user types that need different authentication flows.
Make sure you have the following:
- PingFederate 10 or later with administrator access to the web console
- PingID for multi-factor authentication (MFA)
- HTML Form identity provider (IdP) adapter
- Simple password credential validator (PCV)
- A second SimpleForm (HTML Form adapter) instead of PingID
- IdP connection
Authentication policies are an optional configuration in PingFederate and help administrators implement complex authentication requirements.
A simple example of a custom authentication policy is having PingID act as a second-factor authentication event that triggers after a username and password form.
Consider a custom policy when there are multiple user types that need different authentication flows, or if you want to chain together two types of authenticators, such as username and password with MFA.
- In the PingFederate administrative console, go to .
- In the Authentication Policies window, click Add Policy.
- In the Name field, enter a policy name.
- In the Description field, enter a description.
From the Policy list, select a previously created:
- IdP Adapter
- IdP Connection
In the Fail field, click
This means that if the user fails to authenticate with the SimpleForm, their single sign-on (SSO) session ends.
From the Success list, select the PingID Adapter. Additional Fail/Success lists will appear.
- Click Options.
In the Incoming User ID window, from the Source list, select Adapter (SimpleForm) and from the Attribute list,
- Click Done.
After the Success list, set the Fail and Success lists to
The custom policy appears in the Policies window in the Policy list.
- Click Done.
To save and enable the new policy, click Save.
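As an added example (not PingFederate code and not the product's export format), the following Python models the policy built above as a nested dictionary and audits it for two mistakes: a Success branch that ends without passing the MFA adapter, and an MFA step whose incoming user ID does not come from an adapter that already succeeded. The dictionary layout, the `END` marker, the `user_id_from` key and the adapter ID `SimpleForm2` are assumptions made for the illustration.

```python
END = "END"  # stand-in for whatever terminal action closes a branch

def audit(node, mfa_ids, passed=(), path=()):
    """Walk a policy tree and return (finding, path) tuples."""
    findings = []
    src = node["source"]
    here = path + (src,)
    # The second factor must be told whom to challenge, and that identity
    # has to come from an adapter that already succeeded on this path.
    if src in mfa_ids and node.get("user_id_from") not in passed:
        findings.append(("unbound-user-id", here))
    for outcome in ("Fail", "Success"):
        nxt = node["branches"].get(outcome, END)
        now_passed = passed + (src,) if outcome == "Success" else passed
        step = here + (outcome,)
        if nxt == END:
            # Assumption: a branch that ends on Success yields an SSO session.
            if outcome == "Success" and not set(now_passed) & set(mfa_ids):
                findings.append(("sso-without-mfa", step))
        else:
            findings.extend(audit(nxt, mfa_ids, now_passed, step))
    return findings

# Constructed trees. PAGE_POLICY mirrors the steps above.
PAGE_POLICY = {"source": "SimpleForm", "branches": {
    "Fail": END,
    "Success": {"source": "PingID", "user_id_from": "SimpleForm",
                "branches": {"Fail": END, "Success": END}}}}

# Password only: the Success branch ends before any second factor.
WEAK_POLICY = {"source": "SimpleForm",
               "branches": {"Fail": END, "Success": END}}

# MFA failure falls back to a second form, and no incoming user ID is mapped.
FALLBACK_POLICY = {"source": "SimpleForm", "branches": {
    "Fail": END,
    "Success": {"source": "PingID", "branches": {
        "Fail": {"source": "SimpleForm2",
                 "branches": {"Fail": END, "Success": END}},
        "Success": END}}}}

if __name__ == "__main__":
    for name in ("PAGE_POLICY", "WEAK_POLICY", "FALLBACK_POLICY"):
        print(name, audit(globals()[name], {"PingID"}))
```

An empty result for a tree means every path that ends in success passed through the MFA adapter with a bound user ID.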