PingOne MFA Integration Kit 2.5 (September 2024)
Added support for the PingOne FIDO Device Aggregation feature
New P14C-57629
Added support for the PingOne FIDO Device Aggregation feature. FIDO Device Aggregation is part of the FIDO policy in PingOne. When this feature is enabled and a user has multiple FIDO2 devices, the user will see only one passkey device on the device selection screen. This device is an aggregation of all the user’s FIDO2 devices. During authentication, the authenticator suggests the best-suited FIDO device to the user.
View PingOne mobile application name in authentication API response
New P14C-61861
You can now view the PingOne mobile application name in the PingFederate authentication API response.
View a OTP’s lifetime in the authentication API
New P14C-62073
The PingFederate authentication API response now includes a new field (called otpLifetime
) for the OTP_REQUIRED
status. The otpLifetime
field shows how long the OTP will remain valid.
Include more information in the PingOne logs for adapter authentication attempts
Improved P14C-44523
The PingOne MFA IdP adapter now forwards application and device information for authentication attempts made through the adapter to PingOne. To view this information in the PingOne admin console:
-
Go to Directory → Users and click on a user.
-
Click the Services tab, select Authentication, and go to the Sessions section.
Use dynamic linking to give a unique identifier to a FIDO device pairing attempt
Improved P14C-62023
Added the ability to give a unique identifier to a FIDO device pairing attempt. Learn more on dynamic linking in the “Use dynamic linking to give a unique identifier to a FIDO device authentication attempt” release note entry in PingOne MFA Integration Kit 2.4 (August 2024).
Upgraded TLS support
Security P14C-57813
The PingOne MFA IdP adapter now supports only TLS 1.2 and later.
Fixed double AUTHENTICATION_REQUIRED
response
Fixed P14C-51451
Fixed an issue that caused the AUTHENTICATION_REQUIRED
response to be returned twice for some specific scenarios in the PingFederate authentication API.
Fixed an authentication API response for selectDevice
when OTP limit is reached
Fixed P14C-56520
Fixed an issue that caused the authentication API to provide an incorrect error response when a user switched from a mobile device to an OTP-based device and reached the OTP limit (as defined in notification policies in the PingOne admin console). OTP-based devices include:
-
SMS
-
Voice
-
Email
-
WhatsApp
Fixed an issue with locked OTP-based devices in HTML templates
Fixed P14C-59939
Fixed an issue that caused the HTML template to allow users to keep entering OTPs (which wouldn’t actually be submitted) after they became locked out from a device. Now, when a user is locked out, the adapter displays a new screen to inform the user that the device is locked and present a Change Device button.