Network-based adaptive authentication is useful when PingFederate must authenticate users differently based on their network location. A typical application of this use case is when users must authenticate differently, depending on whether they are accessing a service from the organization’s internal network or from the internet. For example, an organization might want to use Kerberos to authenticate internal users to provide a seamless single sign-on (SSO) experience while presenting a sign-on page for external users.

Network-based adaptive authentication is achievable on all supported versions of PingFederate. The examples shown make use of PingFederate 10.1. All capabilities are offered out-of-the-box and no additional or custom components are required to implement this solution.


PingFederate 10.1