--- title: Configuring email authentication for PingID description: If you have users who use devices that don't support the PingID mobile application, or you want to provide users with an additional authentication option, you can enable email authentication. component: pingid page_id: pingid:pingid_service_management:pid_configuring_email_authentication_for_pid canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_email_authentication_for_pid.html revdate: August 4, 2024 section_ids: configuring-email-authentication: Configuring email authentication about-this-task: About this task steps: Steps email-customization: Email customization editing-the-template-for-a-new-authentication-request: Editing the template for a new authentication request editing-the-template-for-email-pairing: Editing the template for email pairing --- # Configuring email authentication for PingID If you have users who use devices that don't support the PingID mobile application, or you want to provide users with an additional authentication option, you can enable email authentication. When email authentication is configured, and the user signs on to their account or app, they are sent an email with a 6-digit one-time passcode (OTP) to authenticate with. The OTP is valid for up to 30 minutes. For information about the user experience, see the [PingID End User Guide](http://docs.pingidentity.com/pingid-user-guide/). | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To prevent users from registering their device for Email authentication, and allow existing users to continue to authenticate, see [Disabling pairing for a specific authentication method](pid_disabling_pairing_specific_authentication_method.html). This option is useful if you want to phase out Email authentication, in favor of more secure authentication methods. | ## Configuring email authentication ### About this task ### Steps 1. In the PingOne admin portal, go to **Setup → PingID → Configuration**. 2. Go to the **Alternate Authentication Methods** section. ![A screen capture of the Alternate Authentication Methods section.](_images/vkb1564020562147.png) 3. In the **Email** row, select the **Enable** check box. 4. Configure email authentication according to the following table. | Check box | Description | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Pre-Populate** | To pre-populate the user's field with the email address stored in your user directory, in the **Email** row, select the **Pre-Populate** check box. For more information, see [Pre-populating or restricting user registration data](pid_prepopulating_or_restricting_user_registration_data.html). | | **Restrict** | To restrict the user to select only the email address stored in your user directory, in the **Email** row, select the **Restrict** check box. For more information, see [Pre-populating or restricting user registration data](pid_prepopulating_or_restricting_user_registration_data.html). | | **Backup Authentication** | To enable email as a backup authentication method, in the **Email** row, select the **Backup Authentication** check box. For more information, see [Configuring backup authentication methods](pid_configuring_backup_authentication_methods.html). You can enable email for backup authentication, even if the Enable check box is not selected in the Email row. | 5. Click **Save**. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you use email for PingID OTP, for guidance to ensure that your email system will allow delivery of OTP messages, see . | ## Email customization Four email customizations are available: 1. Customize the email "From" address to change the default address of `noreply@pingidentity.com` to `noreply@yourdomain.com`. 2. Customize the email "Replyto" address to change the default address of `noreply@pingidentity.com` to `noreply@yourdomain.com`. 3. Customize the email "Subject" line. | | | | - | --------------------------------------------------------------------------------------------------------------------------------- | | | To change items 1 to 3 above, sign on to the [Ping Identity Support Portal](https://support.pingidentity.com/s/) and open a case. | 4. Customize the email message body. PingID supplies templates to customize the body of notification mails. To download the templates, see [PingID email templates](https://download.pingidentity.com/public/PingID/PingID-Email-Templates.zip). Download the `.zip` file and extract it. The included `readme.txt` file contains a directory list of templates. ### Editing the template for a new authentication request Open the `New Email Authentication Request.html` file in a text editor. The template is shown in the following image. ![A screen capture of the email message sent to end users when authenticating. It includes a one-time password.](_images/qvj1582118671068.png) This template has two variables, `${one-time-passcode}` and `${service-provider}`. You can replace any of the HTML content, as long as you retain the `${one-time-passcode}` variable. The `${service-provider}` and `${current-year}` variables are optional. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you include images in any templates, they must be URL references to publicly available assets. Ping Identity does not host the images used in templates. | After making your changes, contact [PingID Customer Support](https://www.pingidentity.com/en/support/customer-support.html) to upload the template. ### Editing the template for email pairing Open the `Email Authentication Pairing.html` file in a text editor. The template is shown in the following image. ![A screen capture of the email message sent to end users when pairing. It contains a one-time passcode.](_images/ljd1582728727349.png) This template has one mandatory variable, `${one-time-passcode}`. You can replace any of the HTML content, as long as you retain the `${one-time-passcode}` variable. The `${current-year}` variable is optional. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you include images in any templates, they must be URL references to publicly available assets. Ping Identity does not host the images used in templates. | After making your changes, contact [PingID Customer Support](https://www.pingidentity.com/en/support/customer-support.html) to upload the template.