Using FIDO device with PingOne custom domain configuration
The PingOne MFA IdP Adapter supports FIDO device pairing and authentication with FIDO services. You must register the paired devices with the PingFederate domain.
FIDO devices that are paired directly using the PingOne self-service do not work with the PingFederate authentication flow unless you register the devices with either Custom Domain or Other configured as the Relying Party ID and make them visible to the PingFederate domain.
When you choose either of these options as the Relying Party ID, you can configure the PingFederate domain to run on its own subdomain of the custom domain by changing the PingFederate base URL or using a virtual host name. Configuring the PingFederate domain to run as its own subdomain enables you to use FIDO devices interchangeably.
-
For information on how to set up a custom domain in PingOne, see Setting up a custom domain.
-
For information on changing the PingFederate base URL or using a virtual host name, see Specifying federation information or Virtual host names in the PingFederate documentation.