• PingFederate must determine if a user is inside your internal network. You must know CIDR network ranges that identify your internal network.
  • Upon identifying the network location of your user, you must know how you intend on authenticating your user in each case.
    • Configure authentication adapters, such as the Kerberos adapter and the HTML form adapter, along with their dependencies (Kerberos Realms and password credential validators (PCVs), respectively).
  • Define an authentication policy contract to allow the outcome of the authentication process to be mapped into your SAML connections or OAuth environment.
  1. In the PingFederate administrative console, go to Authentication > Policies > Selectors.
  2. To create a new selector, click Create New Instance.
  3. Configure the Type window.
    1. In the Instance Name field, enter an instance name.
    2. In the Instance ID field, enter the instance ID.
    3. From the Type list, select CIDR Authentication Selector.
    4. Click Next.
      Screen capture illustrating the Selector Type fields of Instance Name, Instance ID, and Type
  4. Configure the Authentication Selector window.
    1. Click Add a new row to 'Networks'.
    2. In the Network Range (CIDR notation) field, enter the CIDR ranges that identify your internal network address ranges.
      Screen capture illustrating the Network Range fields on the Authentication Selector tab. After the Network Range fields is a hyperlink option to Add a new row to Networks, which allows you to add additional network address ranges.
    3. To save your network, click Update.
    4. Optional: In the Result Attribute Name field, enter an attribute name.
    5. Click Next.
  5. On the Summary window, click Done.
  6. Click Save.