Authentication method management
The PingOne Connector manages all mapped email and SMS multi-factor authentication (MFA) attributes.
Nicknames
PingOne assigns nicknames to authentication methods (also called "devices"). The nicknames are used to identify authentication methods on user-facing screens, such as the device selection screen.
The PingOne Connector uses nicknames when provisioning and synchronizing a user’s authentication methods.
The following are the "managed" nicknames used by the provisioning connector:
-
SMS 1
-
SMS 2
-
SMS 3
-
Email 1
-
Email 2
-
Email 3
-
Voice 1
-
Voice 2
-
Voice 3
Mapping attributes to nicknames
Each device nickname is associated with one attribute on the Attribute Mapping tab of the channel configuration. For example, the Email 3
nickname holds the value of the MFA Device
Email 3
attribute.
You can map these attributes in the Configuring a channel step of the setup process.
Synchronization
When synchronizing a user’s authentication methods, the provisioning connector behaves as follows:
Scenario | Action |
---|---|
|
The provisioner deletes and re-creates the device with the value from the datastore |
|
The provisioner deletes and re-creates the device with the appropriate managed nickname |
|
The provisioner does not make any changes |
Maximum number of authentication methods
Although the provisioning connector supports up to three SMS attributes, three email attributes, and three voice attributes, PingOne accepts a maximum of five authentication methods per user by default. This maximum can be adjusted in the PingOne settings.