One-Time Passcode Integration Kit

Overview of the SSO flow

With the One-Time Passcode Integration Kit, PingFederate sends a one-time passcode (OTP) to the user as part of the sign-on flow.

The following figure shows how the One-Time Passcode IdP Adapter is integrated into the sign-on process:

The PingFederate sign-on flow including the One-Time Passcode IdP Adapter

Description

  1. The user initiates single sign-on with PingFederate and completes the first-factor authentication step, such as an HTML Form Adapter instance.

  2. If the adapter is configured to allow user selection:

    1. The adapter presents a list of OTP delivery methods to the user.

    2. The user selects an OTP delivery method.

  3. The adapter gets the user’s contact information from a data store or an attribute passed from earlier in the authentication flow.

  4. The adapter sends the user an OTP in an email, SMS message, or automated voice call.

  5. The user enters the OTP in the browser.

  6. The adapter validates the OTP.

  7. PingFederate grants access to the requested resource.