- Select Identity Provider > Policies to open the Authentication Policies screen.
- Click Add Policy.
- Enter a name for the policy and optionally a description.
-
In the Policy list, click the down-arrow and select the
Identifier First Adapter that you configured in step 3.
Fail and Success fields appear.
- Under Fail, select Restart.
-
Under Success, click the down-arrow and select the
PingID Adapter that you configured in
step 4.
Fail and Success fields are displayed again.
- Under Fail, select Done.
-
Under Success, click the down-arrow, and select a Policy
Contract.
An example configuration is shown in the following figure.
-
Under the PingID adapter in the
Success field, click
Options.
-
In the Incoming User ID modal, select the Identifier
First Adapter for the Source and
subject for the
Attribute.
This configuration maps the user identifier to use with PingID MFA.
- Click Done.
-
Click Contract Mapping under the Policy Contract in the
Success field.
- Click Next to view the Contract Fulfillment screen.
-
Select the Identifier First Adapter for the Source and
subject for the
Attribute.
This configuration maps the attributes into your authentication policy contract.
- Click Next, and then click Next again to view the Summary screen.
- Click Done to save your contract mapping, and then click Done again to save your authentication policy.