1. Select Identity Provider > Policies to open the Authentication Policies screen.
  2. Click Add Policy.
  3. Enter a name for the policy and optionally a description.
  4. In the Policy list, click the down-arrow and select the Identifier First Adapter that you configured in step 3.
    Fail and Success fields appear.
  5. Under Fail, select Restart.
  6. Under Success, click the down-arrow and select the PingID Adapter that you configured in step 4.
    Fail and Success fields are displayed again.
  7. Under Fail, select Done.
  8. Under Success, click the down-arrow, and select a Policy Contract.
    An example configuration is shown in the following figure.

  9. Under the PingID adapter in the Success field, click Options.


  10. In the Incoming User ID modal, select the Identifier First Adapter for the Source and subject for the Attribute.
    This configuration maps the user identifier to use with PingID MFA.

  11. Click Done.
  12. Click Contract Mapping under the Policy Contract in the Success field.


  13. Click Next to view the Contract Fulfillment screen.
  14. Select the Identifier First Adapter for the Source and subject for the Attribute.
    This configuration maps the attributes into your authentication policy contract.

  15. Click Next, and then click Next again to view the Summary screen.
  16. Click Done to save your contract mapping, and then click Done again to save your authentication policy.