---
title: Overview of the SSO flow
description: With the One-Time Passcode Integration Kit, PingFederate sends a one-time passcode (OTP) to the user as part of the sign-on flow.
component: otp
page_id: otp::pf_otp_ik_overview_of_the_sso_flow
canonical_url: https://docs.pingidentity.com/integrations/otp/pf_otp_ik_overview_of_the_sso_flow.html
revdate: April 14, 2025
section_ids:
  description: Description
---

# Overview of the SSO flow

With the One-Time Passcode Integration Kit, PingFederate sends a one-time passcode (OTP) *(tooltip: \<div class="paragraph">
\<p>A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\</p>
\</div>)* to the user as part of the sign-on flow.

The following figure shows how the One-Time Passcode IdP Adapter integrates with the sign-on process:

![The PingFederate sign-on flow including the One-Time Passcode IdP Adapter](_images/SSO_flow_diagram.jpg)

## Description

1. The user initiates single sign-on (SSO) with PingFederate and completes the first-factor authentication step, such as an HTML Form Adapter instance.

2. If the adapter is configured to allow user selection:

   1. The adapter presents a list of OTP delivery methods to the user.

   2. The user selects an OTP delivery method.

3. The adapter gets the user's contact information from a datastore or an attribute passed from earlier in the authentication flow.

4. The adapter sends the user an OTP in an email, SMS message, or automated voice call.

5. The user enters the OTP in the browser.

6. The adapter validates the OTP.

7. PingFederate grants access to the requested resource.