PingOne

Configuring a provider instance

The PingOne Protect provider works similarly to CAPTCHA providers and can detect bot activity before the password credential validator (PCV) is triggered.

About this task

A provider instance isn’t required, but having one is necessary for bot detection.

Steps

  1. In the PingFederate administrative console, go to System → External Systems → CAPTCHA and Risk Providers. Click Create New Instance.

  2. On the Type tab, set the basic provider instance attributes:

    1. In the Instance Name field, enter a name for the provider instance.

    2. In the Instance ID field, enter a unique identifier for the adapter instance.

    3. In the Type list, select PingOne Protect Provider. Click Next.

  3. On the Instance Configuration tab:

    1. In the PingOne Environment field, select your PingOne Connection and Environment Name.

    2. Click Show Advanced Fields.

    3. Optional: To allow the adapter to evaluate the risk rather than the provider, clear the Enable Risk Evaluation check box.

    4. In the Field Value list for PingOne Risk Policy section, select your risk policy.

    5. The Custom Connection Pool setting controls the number of connections to PingOne Protect. Can be between 25 and 200. Recommended that the number be left at the default value.

    6. Click Next.

  4. On the Summary tab, click Save.

  5. Enable the HTML Form adapter to use the provider:

    1. Go to Authentication → Integration → IdP Adapters. Select your HTML Form IdP Adapter from the list.

    2. On the IdP Adapter tab, click Show Advanced Fields.

    3. In the Risk Provider list, select your PingOne Protect provider instance.

    4. Select one or more of the following check boxes.

      Check box Description

      Risk for authentication

      Enable for the login form to prevent automated attacks

      Risk for password change

      Enable for the password change form to prevent automated attacks

      Risk for password reset

      Enable for the password reset and account unlock features to prevent automated attacks

      Risk for username recovery

      Enable for the username recovery features to prevent automated attacks

  6. Optional: Set the device profile settings for the PingOne Protect adapter:

    1. Go to Authentication → Integration → IdP Adapters.

    2. Select your PingOne Protect IdP adapter from the list.

    3. On the IdP Adapter tab, click Show Advanced Fields.

    4. Optional: Enable Include Device Dynamic Profile.

    When enabled, the adapter will load the device profiling page if it hasn’t already received the device profile payload from the provider.