Define authentication policy rules using attributes from any of the previous Authentication Sources, Extended Properties, Tracked HTTP Parameters or context. Each rule is evaluated to determine the next action in the policy. If all the rules fail, you may choose to default to the general Success action or Fail.