Creating an authentication policy in PingFederate

Component

  • PingFederate 10.3

Before creating the policy, you must have an Identifier First Adapter instance and an HTML Form Adapter configured. For more information, see Configuring an Identifier First Adapter instance and Configuring an HTML Form Adapter instance.

For information on authentication policies, see Defining authentication policies.

  1. Go to Authentication > Policies > Policies, and then click Add Policy.
  2. From the Policy list, select IdP Adapters and then select your Identifier First Adapter instance.
  3. Click Rules and configure the sign-on flow for users according to the following example.

    This determines which IdP the user will authenticate against.

    A screen capture of the Rules modal showing four columns: Attribute Name, Condition, Value, and Result.
  4. Configure the authentication policy according to the following example.

    A screen capture of the Policy window. Company A and Company B have different authentication flows, defined by the respective Fail and Success lists. Company A users will sign on with PingFederate credentials against Company A's data store. Company B users will be redirected to their IdP sign-on page.
  5. Click Done.
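The rule table from step 3 can be modelled offline to check that sample identifiers reach the intended branch before the policy goes live. This is an added example, not PingFederate code or configuration; the `subject` attribute name, the two condition names, and the `.example` domains are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One row of a model rule table: Attribute Name, Condition, Value, Result."""
    attribute: str
    condition: str  # model-only names: "domain equals" or "contains"
    value: str
    result: str

def domain_of(identifier):
    """Lower-cased text after the last '@', or None if the identifier is malformed."""
    local, sep, domain = identifier.strip().rpartition("@")
    return domain.lower() if sep and local and domain else None

def matches(rule, attrs):
    raw = attrs.get(rule.attribute, "")
    if rule.condition == "domain equals":   # anchored: whole domain must match
        return domain_of(raw) == rule.value.lower()
    if rule.condition == "contains":        # unanchored substring match
        return rule.value.lower() in raw.lower()
    raise ValueError(f"unknown condition: {rule.condition}")

def route(rules, attrs, default="No match"):
    """First matching rule wins; unmatched identifiers fall through to default."""
    return next((r.result for r in rules if matches(r, attrs)), default)

def table(condition):
    return [Rule("subject", condition, "companya.example", "Company A"),
            Rule("subject", condition, "companyb.example", "Company B")]

# Constructed identifiers mapped to the branch each one is intended to reach.
SAMPLES = {
    "alice@companya.example": "Company A",
    "Bob@CompanyB.example": "Company B",
    "carol@companyb.example.test": "No match",            # look-alike suffix
    "companya.example.user@companyb.example": "Company B",  # domain text in local part
    "dave": "No match",                                    # no domain at all
}

def misrouted(rules):
    """Return {identifier: actual_result} for every sample that misses its branch."""
    actual = {i: route(rules, {"subject": i}) for i in SAMPLES}
    return {i: got for i, got in actual.items() if got != SAMPLES[i]}

if __name__ == "__main__":
    for name in ("domain equals", "contains"):
        print(name, "->", misrouted(table(name)) or "all samples routed as intended")
```

An empty result for a rule set means every sample identifier reached its intended branch; any entry shows an identifier and the branch it was actually sent to.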

When users from Company B sign on using their IdP, the IdP sends the assertion to the PingFederate SP endpoint. PingFederate provides the necessary attributes to the IdP endpoints, which are then used to generate an authentication response to Company A's application.