Authentication method management
The PingOne Connector manages all mapped email and SMS multi-factor authentication (MFA) attributes.
Nicknames
PingOne assigns nicknames to authentication methods (also called devices) to identify them on user-facing screens, such as the device selection screen.
The PingOne Connector uses nicknames when provisioning and synchronizing a user’s authentication methods.
The "managed" nicknames used by the provisioning connector are:
-
SMS 1-
SMS 2 -
SMS 3
-
-
Email 1-
Email 2 -
Email 3
-
-
Voice 1-
Voice 2 -
Voice 3
-
Mapping attributes to nicknames
Each device nickname is associated with one attribute on the Attribute Mapping tab of the channel configuration. For example, the Email 3 nickname holds the value of the MFA Device Email 3 attribute.
You can map these attributes in the Configuring a channel procedure.
Synchronization
When synchronizing a user’s authentication methods, the provisioning connector behaves as follows:
| Scenario | Action |
|---|---|
A device exists with a managed nickname, but the value does not match the value in the datastore |
The provisioner deletes and re-creates the device with the value from the datastore |
A value matches between PingOne and the datastore, but the device uses an unmanaged nickname |
The provisioner deletes and re-creates the device with the appropriate managed nickname |
A device exists with an unmanaged nickname and the value does not match the value in the datastore |
The provisioner does not make any changes |
Maximum number of authentication methods
Although the provisioning connector supports up to three SMS attributes, three email attributes, and three voice attributes, PingOne accepts a maximum of five authentication methods per user by default. This maximum can be adjusted in the PingOne settings.