PingOne

PingOne MFA Integration Kit 2.5 (September 2024)

Added support for the PingOne FIDO Device Aggregation feature

New P14C-57629

Added support for the PingOne FIDO Device Aggregation feature. FIDO Device Aggregation is part of the FIDO policy in PingOne. When this feature is enabled and a user has multiple FIDO2 devices, the user will see only one passkey device on the device selection screen. This device is an aggregation of all the user’s FIDO2 devices. During authentication, the authenticator suggests the best-suited FIDO device to the user.

View PingOne mobile application name in authentication API response

New P14C-61861

You can now view the PingOne mobile application name in the PingFederate authentication API response.

View a OTP’s lifetime in the authentication API

New P14C-62073

The PingFederate authentication API response now includes a new field (called otpLifetime) for the OTP_REQUIRED status. The otpLifetime field shows how long the OTP will remain valid.

Include more information in the PingOne logs for adapter authentication attempts

Improved P14C-44523

The PingOne MFA IdP adapter now forwards application and device information for authentication attempts made through the adapter to PingOne. To view this information in the PingOne admin console:

  1. Go to Directory → Users and click on a user.

  2. Click the Services tab, select Authentication, and go to the Sessions section.

Use dynamic linking to give a unique identifier to a FIDO device pairing attempt

Improved P14C-62023

Added the ability to give a unique identifier to a FIDO device pairing attempt. Learn more on dynamic linking in the “Use dynamic linking to give a unique identifier to a FIDO device authentication attempt” release note entry in PingOne MFA Integration Kit 2.4 (August 2024).

Upgraded TLS support

Security P14C-57813

The PingOne MFA IdP adapter now supports only TLS 1.2 and later.

Fixed double AUTHENTICATION_REQUIRED response

Fixed P14C-51451

Fixed an issue that caused the AUTHENTICATION_REQUIRED response to be returned twice for some specific scenarios in the PingFederate authentication API.

Fixed an authentication API response for selectDevice when OTP limit is reached

Fixed P14C-56520

Fixed an issue that caused the authentication API to provide an incorrect error response when a user switched from a mobile device to an OTP-based device and reached the OTP limit (as defined in notification policies in the PingOne admin console). OTP-based devices include:

  • SMS

  • Voice

  • Email

  • WhatsApp

Fixed an issue with locked OTP-based devices in HTML templates

Fixed P14C-59939

Fixed an issue that caused the HTML template to allow users to keep entering OTPs (which wouldn’t actually be submitted) after they became locked out from a device. Now, when a user is locked out, the adapter displays a new screen to inform the user that the device is locked and present a Change Device button.

Fixed issues on the device selection screen

Fixed P14C-64209

Fixed an issue that caused the device selection screen to unmask the device’s information improperly when the user was returning to the device selection screen from the Add method screen and the bypassmfa configuration was set to true.