Integrate PingID with your VPN

This section details the configuration required to integrate PingID Multi-Factor authentication (MFA) into your VPN or remote access system. This involves configuration of the following elements:

This video describes the general process:

Before you start

Make sure that:

  • Your organization has an active PingID account.
  • Your organization has installed and configured PingFederate. For instructions about how to set up PingFederate, see Installing PingFederate.
  • PingFederate is configured with an LDAP Password Credential Validator (PCV). For instructions about how to configure the LDAP PCV, see Configuring the LDAP Credential Validator.
  • You have the administrator credentials for the PingFederate Administrator console.
  • You have the administrator credentials for your organization’s PingOne Admin Portal.

How it works

The following flow diagram represents a general flow. The actual configuration will vary depending on your organizational infrastructure considerations and policies.

  1. When a user opens their VPN login window (IPSec or SSL VPN) and enters a username and password, their details are sent to the RADIUS Server on PingFederate via the VPN RADIUS client.
  2. PingFederate authenticates the user’s credentials with the LDAP Server as a first-factor authentication.
  3. Upon LDAP authentication approval, the RADIUS server initiates a second authentication with PingID.
  4. The RADIUS server returns a response to the VPN. If authentication is denied or an error occurs, a message is displayed on the user’s VPN window.
Your Rating: