---
title: Remembered devices setup
description: Configure the ability to create and verify a remembered device based on the user's accessing browser after they complete a successful MFA attempt. This enables users to skip authentication steps during future attempts if they access applications from the same computer and browser.
component: pingone
page_id: pingone:pingone_mfa_integration_kit:pf-p1-mfa-ik-remembered-device-setup
canonical_url: https://docs.pingidentity.com/integrations/pingone/pingone_mfa_integration_kit/pf-p1-mfa-ik-remembered-device-setup.html
revdate: February 23, 2026
section_ids:
  components: Components
  how-the-remembered-devices-flow-works: How the remembered devices flow works
  setting-up-a-remembered-devices-flow: Setting up a remembered devices flow
---

# Remembered devices setup

Configure the ability to create and verify a *remembered device* based on the user's accessing browser after they complete a successful MFA attempt. This enables users to skip authentication steps during future attempts if they access applications from the same computer and browser.

Remember Me capabilities include:

* Allowing users to select whether their accessing browser should be remembered for future authentication attempts.

  |   |                                                                                                                                                                                                             |
  | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | To maintain security, Remember Me functionality should only be used on private devices or browsers. Make sure the Remember Me template warns users not to enable this feature on a public or shared device. |

* Specifying which authentication steps users with remembered devices can skip.

* Configuring how long devices are remembered for.

  |   |                                                       |
  | - | ----------------------------------------------------- |
  |   | This setting is accessible in the PingOne MFA policy. |

* Invalidating trusted devices after performing single logout (SLO) *(tooltip: \<div class="paragraph">
  \<p>The process of signing a user out of multiple sites where the user has started a SSO session.\</p>
  \</div>)*, but not after closing the browser.

  |   |                                                           |
  | - | --------------------------------------------------------- |
  |   | Device trust is tied to PingOne, it isn't stored locally. |

The Remember Me experience isn't compatible with the `pf-js-widget`.

## Components

* PingOne MFA Remember Me Verifier Adapter

  (Included in the `pf-pingone-mfa-adapter-<version>.jar` file)

  * Calls the [Check Remember Me Device PingOne API](https://developer.pingidentity.com/pingone-api/mfa/users/remembered-devices/check_remembered_device.html) to verify if the sign-on device is trusted.

  * Handles cleanup after SLO, deleting the remembered device in PingOne and deleting any set cookies.

  > **Collapse: Possible outcomes**
  >
  > * Status
  >
  >   `SUCCESS` or `FAILURE`.
  >
  > * AttributeMap
  >
  >   `username` (only if the status is `SUCCESS`).

* PingOne MFA Remember Me Manager Adapter

  (Included in the `pf-pingone-mfa-adapter-<version>.jar` file)

  * Asks for the user's consent in a new page (**Remember This Device?**) or state (`REMEMBER_ME_USER_CONSENT_REQUIRED`).

  * Calls the [Create Remember Me Device PingOne API](https://developer.pingidentity.com/pingone-api/mfa/users/remembered-devices/create_remembered_device.html) to register the device, if the user gives consent and completes the full authentication flow successfully.

  * Sets cookies.

  > **Collapse: Possible Outcomes**
  >
  > * Status
  >
  >   `SUCCESS` or `FAILURE`.
  >
  > * AttributeMap
  >
  >   `username` and `pingone.mfa.remember.me.device.creation.status` (only if the status is `SUCCESS`).
  >
  >   > **Collapse: Possible  values**
  >   >
  >   > * `com.pingidentity.pingone.device_not_created_user_declined`: Set if a user clicked **Don't Remember** when prompted to allow the adapter to remember their device.
  >   >
  >   > * `com.pingidentity.pingone.device_created`: Set if the user clicked **Remember Device** when prompted to allow the adapter to remember their device, and completed the full MFA flow successfully.
  >   >
  >   > * `com.pingidentity.pingone.device_not_created_user_opted_do_not_ask_again`: Set if a user clicked **Don't ask again on this device** when prompted to allow the adapter to remember their device.
  >   >
  >   > * `com.pingidentity.pingone.device_not_created_mfa_not_completed`: Set if the user clicked **Remember Device** when prompted to allow the adapter to remember their device, but didn't complete the full MFA flow. For example, if the user [bypassed MFA](p1_mfa_ik_mfa_bypass_configuration_requirements.html).
  >   >
  >   > * `com.pingidentity.pingone.device_not_created_policy_disallows_remember_me`: Set if the user clicked **Remember Device** when prompted to allow the adapter to remember their device, but Remember Me isn't configured in the [PingOne MFA policy](https://docs.pingidentity.com/pingone/strong_authentication_mfa/p1_creating_an_mfa_policy_for_strong_auth.html).
  >
  > * Set-Cookie header
  >
  >   > **Collapse: Cookie details**
  >   >
  >   > * `pf_remembermeadapter_rememberme_token`: A persistent cookie that contains a remember me token, and is set after remembered device creation. This cookie preserves the remembered device cookie and includes it in requests made to the PingOne API when verifying if the user is on a remembered device. Persists until SLO is performed or the browser deletes the cookie because of `max-age` expiry.
  >   >
  >   > * `pf_remembermeadapter_remembered_subject`: A persistent cookie that contains a base64-encoded username associated with the current browser, and is set after remembered device creation. This cookie preserves the username associated with the curent browser and includes it in requests made to the PingOne API when verifying if the user is on a remembered device. Persists until SLO is performed or the browser deletes the cookie because of `max-age` expiry.
  >   >
  >   >   |   |                                                                                                                      |
  >   >   | - | -------------------------------------------------------------------------------------------------------------------- |
  >   >   |   | This cookie is always set, but it's used only when the incoming chained attributes don't include a username already. |
  >   >
  >   > * `pf_remembermeadapter_user_consent_donotaskagain`: A persistent cookie that contains a flag indicating the user's choice on the don't show again option included in the user consent template, and is set after the user chooses **Don't ask again on this device** on the user consent page. Persists for one year.

* Sample `.html` spinner template

  * Generates and submits the `signals-sdk` payload that's necessary to submit in the request body to call the PingOne APIs.

  * The PingOne MFA Remember Me Verifier Adapter and PingOne MFA Remember Me Manager Adapter display this spinner whenever they make a call to the PingOne APIs, unless the user clicked **Don't Remember** or **Don't ask again on this device** when prompted to allow the adapter to remember their device.

## How the remembered devices flow works

* The PingOne MFA Remember Me Manager Adapter creates remembered devices after a successful UI or PingFederate Authentication API authentication flow is complete, and only if the user opts in.

  |   |                                                                                                                                                                                                             |
  | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | To maintain security, Remember Me functionality should only be used on private devices or browsers. Make sure the Remember Me template warns users not to enable this feature on a public or shared device. |

  If MFA is bypassed or can't be completed, the PingOne MFA Remember Me Manager Adapter skips remembered device creation.

* On future authentication attempts, if the PingOne MFA Remember Me Verifier Adapter confirms that device is trusted, the user bypasses any following authentication steps. You can specify which steps to bypass in your PingFederate authentication policy configuration.

* On SLO *(tooltip: \<div class="paragraph">
  \<p>The process of signing a user out of multiple sites where the user has started a SSO session.\</p>
  \</div>)*, the system clears trusted devices.

## Setting up a remembered devices flow

1. [Deploy PingOne MFA Integration Kit 3.2 or later](pf_p1_mfa_ik_deploying_the_integration_files.html).

2. [Configure Remember Me adapter instances](pf-p1-mfa-ik-configure-remember-me-adapters.html).

3. [Arrange the PingFederate authentication policy](pf-p1-mfa-ik-authn-policy-configs.html).

4. [Review methods of handling user consent for Remember Me device creation](pf-p1-mfa-ik-handling-user-consent.html).

5. If using the PingFederate Authentication API, [prepare the signals-sdk to generate browser fingerprints](pf-p1-mfa-ik-generating-the-browser-fingerprint.html).

   Additionally, review the following entries in [Models, objects, and error codes](pf-p1-mfa-ik-models-objects-and-error-codes.html).

   * States

     `EVALUATE_REMEMBER_ME_DEVICE`, `REMEMBER_ME_USER_CONSENT_REQUIRED`, and `MANAGE_REMEMBER_ME_DEVICE`.

   * Actions

     `submitRememberMeUserConsent` and `submitDeviceInformation`.

   * Objects

     `SubmitRememberMeUserConsentRequest` and `SubmitDeviceInformationRequest`.

   * Errors

     `BROWSER_FINGERPRINT_REQUIRED`.

6. Ensure state synchronization across nodes in clustered PingFederate deployments.