PingOne

Overview of the SSO flow

With the Magic Link Integration Kit, PingFederate sends a one-time link to the user as part of the sign-on flow.

Same device SSO flow description

The following figure shows how the Magic Link IdP Adapter is integrated into the sign-on process when the user authenticates on the same device:

The PingFederate sign-on flow including the Magic Link IdP Adapter when the user completes authentication on the same device.
  1. The user initiates single sign-on with PingFederate.

  2. The adapter gets the user’s contact information from a data store, an incoming user ID, or an attribute from earlier in the authentication flow.

  3. The adapter sends the user a one-time link in an email and presents the user with a template that instructs them to check their email.

  4. The user opens their email clicks the magic link in their inbox on the same device that they used to initiate the sign-on process.

  5. If Show Confirmation is enabled, the adapter presents the user with a template that requires user interaction to confirm authentication.

  6. The adapter validates whether the user has clicked the magic link.

  7. PingFederate grants access to the requested resource in the window where the user initiated the sign-on process.

Different device SSO flow description

The following figure shows how the Magic Link IdP Adapter is integrated into the sign-on process when the user authenticates on a different device:

The PingFederate sign-on flow including the Magic Link IdP Adapter when the user completes authentication on a different device.
  1. The user initiates single sign-on with PingFederate on one device, such as their laptop.

  2. The adapter gets the user’s contact information from a data store, an incoming user ID, or an attribute from earlier in the authentication flow.

  3. The adapter sends the user a one-time link in an email and presents the user with a template that instructs them to check their email.

  4. The user clicks the magic link in their inbox on a different device, such as their phone.

  5. If Show Confirmation is enabled, the adapter presents the user with a template that requires user interaction to confirm authentication on their secondary device.

  6. The adapter validates whether the user has clicked the magic link.

  7. PingFederate grants access to the requested resource on the user’s original device, in the window where the user initiated the sign-on process.

  8. The adapter directs the user to close the page on their secondary device and continue on their original device.