---
title: Known issues and limitations
description: The following are known issues or limitations for the PingOne MFA Integration Kit.
component: pingone
page_id: pingone:pingone_mfa_integration_kit:pf_p1_mfa_ik_known_issues_and_limitations
canonical_url: https://docs.pingidentity.com/integrations/pingone/pingone_mfa_integration_kit/pf_p1_mfa_ik_known_issues_and_limitations.html
revdate: February 23, 2026
section_ids:
  known-issues: Known issues
  known-limitations: Known limitations
---

# Known issues and limitations

The following are known issues or limitations for the PingOne MFA Integration Kit.

## Known issues

There are no known issues.

## Known limitations

* Automatic Device Enrollment

  The PingOne MFA IdP Adapter only supports automatic device enrollment for SMS, voice, and email authentication methods. Users can add other authentication methods directly through the PingOne MFA self-service URL. Learn more in [Self service](https://docs.pingidentity.com/pingone/user_experience/p1_self_service.html) and [Managing authentication methods](https://docs.pingidentity.com/pingone/managing_your_pingone_user_profile/p1_managingauthenticationmethods.html) in the PingOne MFA documentation.

* **Default Authentication Method Type** Setting

  If a user has existing authentication methods, but no default is set, the adapter doesn't set a default authentication method. This scenario can occur if the user was created before PingOne supported default authentication methods.

* Localizing the Adapter Messages File

  To use a localized version of the adapter messages file, a copy of the core PingFederate messages file must exist with the same language tag. For example, to allow `pingone-mfa-messages_fr.properties` to work, create `pingfederate-messages_fr.properties`.

* Maximum PingOne MFA Integration Kit Authentication Session Lifetime

  Setting the **OTP Lifetime** higher than 15 minutes in the PingOne MFA policy has no effect because PingOne flows expire after 15 minutes of inactivity, making the OTP unusable.

* MFA Requirements for Password Reset Flow

  As a security measure, if the user initiates a password reset flow and multi-factor authentication (MFA) *(tooltip: \<div class="paragraph">
  \<p>An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\</p>
  \</div>)* isn't satisfied, the PingOne MFA IdP Adapter fails. For example, this applies when the user clicks the password reset link on the HTML Form Adapter and the PingOne authentication policy dictates that MFA is bypassed for the user.

* Synchronizing Authentication Methods

  The PingOne MFA IdP Adapter only adds authentication methods to PingOne. To synchronize authentication methods and other user attributes, use the PingOne Connector provided in the [PingOne Integration Kit](https://marketplace.pingone.com/item/pingone-integration-kit).