PingOne

Authentication method management

The PingOne Connector manages all mapped email and SMS multi-factor authentication (MFA) attributes.

Nicknames

PingOne assigns nicknames to authentication methods (also called "devices"). The nicknames are used to identify authentication methods on user-facing screens, such as the device selection screen.

The PingOne Connector uses nicknames when provisioning and synchronizing a user’s authentication methods.

The following are the "managed" nicknames used by the provisioning connector:

  • SMS 1

  • SMS 2

  • SMS 3

  • Email 1

  • Email 2

  • Email 3

  • Voice 1

  • Voice 2

  • Voice 3

Mapping attributes to nicknames

Each device nickname is associated with one attribute on the Attribute Mapping tab of the channel configuration. For example, the Email 3 nickname holds the value of the MFA Device Email 3 attribute.

You can map these attributes in the Configuring a channel step of the setup process.

Synchronization

When synchronizing a user’s authentication methods, the provisioning connector behaves as follows:

Synchronization scenarios
Scenario Action
  • A device exists with a managed nickname, but the value does not match the value in the datastore

The provisioner deletes and re-creates the device with the value from the datastore

  • A value matches between PingOne and the datastore, but the device uses an unmanaged nickname

The provisioner deletes and re-creates the device with the appropriate managed nickname

  • A device exists with an unmanaged nickname and the value does not match the value in the datastore

The provisioner does not make any changes

Maximum number of authentication methods

Although the provisioning connector supports up to three SMS attributes, three email attributes, and three voice attributes, PingOne accepts a maximum of five authentication methods per user by default. This maximum can be adjusted in the PingOne settings.