The authentication policy checks if the user has an existing authentication session. If they do, the user is sent to the corresponding adapter, allowing them to bypass the Identifier First Adapter. If they do not, they are prompted by the Identifier First Adapter to submit their email address to determine if they should be routed to the corporate or non-corporate adapter. For more information, see Policies.
- In the PingFederate administrative console, go to and click Add Policy.
Enter a name for your policy, and in the Policy list,
select your newly created Session Authentication Selector.
The policy branches are created based on the result values set for each authentication source in the selector.
Select the appropriate adapter in the list of each branch:
- Under the Fail list, click Done.
- In the Success list, select your policy contract mapping setting.
- In the No Session list, select your newly created Identifier First adapter.
Under the No Session list, click