PingOne

Magic Link IdP Adapter settings reference

Field descriptions for the Magic Link IdP Adapter configuration screen.

Standard fields
Field Description

Notification Publisher

Select the notification publisher that sends the one-time link to the user.

Link Expiration

Define the duration, in minutes, that the magic link remains valid.

Attribute Source

The source of the preferred delivery method and contact attributes.

Select a data store, or:

  • Select Chained Attributes if the adapter receives the attributes from earlier in the authentication flow.

  • Select Incoming User ID if the adapter receives the username from the user ID mapping.

Email Attribute Name

The attribute that the notification publisher uses to email the user. For example, email or mail.

This attribute can be from a data store or from earlier in the authentication flow.

If the Attribute Source field is set to Incoming User ID, the adapter ignores the Email Attribute Name field.

Search String

The string that the adapter uses to search the data store to find the user.

  • For JDBC, enter a select statement. For example, select email, phone from <db.table> where username=${userid}.

  • For LDAP, enter an LDAP filter. For example, sAMAccountName=${userid}.

  • For a PingOne data store, enter the attribute. For example, username=${userid} or id=${userid}.

  • For REST API data stores, enter the resource path that’s appended to the base URL of the REST API data store. For example, /users?uid=${userid}.

The ${userid} variable contains the user ID. Your adapter instance receives this from earlier in your PingFederate authentication flow.

If the Attribute Source field is set to Chained Attributes or Incoming User ID, the adapter ignores the Search String field.

Base DN

The base DN that the adapter uses when connecting to an LDAP data store.

If the Attribute Source field is set to Chained Attributes or Incoming User ID, the adapter ignores the Base DN field.

Notification Publisher Failure Mode

Determines whether the user authentication flow continues or fails when the notification publisher fails.

If you select Continue, the Magiclink.status contract attribute records either BYPASS or SUCCESS. This can indicate when a notification publisher failure has occurred. Configure a rule using this attribute to create a backup authentication method.

Show Confirmation

Determines whether PingFederate shows a template or state that requires user interaction after clicking a magic link.

Select this checkbox if email scanners are in use, or if links are pre-clicked in the user’s inbox through some other means.
Advanced fields
Field Description

Magic Link Endpoint

The endpoint that the magic link goes to.

The default value is /onetime-link.

Magic Link API Endpoint

The API endpoint that the front end can use to poll magic link status.

The default value is /onetime-link-api.

Test User ID

The user ID that’s used to test the configuration on the Actions tab.

This field is blank by default.

Show Email

Determines whether the adapter shows the masked email that magic links are sent to in templates and API responses.

This checkbox is selected by default.

HTML Template Prefix

Identifies the HTML templates that the adapter uses.

If you added a template file name in the /server/default/conf/template directory, enter the new prefix here.

The default value is magic-link.

Messages File

Identifies the customizable language-pack file that the adapter uses for HTML templates.

If you added a language-pack file name in the /server/default/conf/language-packs directory, enter the new name here.

The default value is magic-link-messages.

Email Template

Identifies the email template that the adapter uses to send the magic link.

If you added a language-pack file name in the /server/default/conf/template/mail-notifications directory, enter the new name here.

The default value is pingfederate.magiclink.adapter.template.html.

LDAP Search Scope

When the Attribute Source is an LDAP data store, this setting determines the scope of the user search.

Single Level

Searches the immediate children of the base object, but excludes the base object itself.

Include Subtree (default)

Searches all child objects as well as the base object.