PingOne

Overview of the verification flow

With the PingOne Verify Integration Kit, PingFederate includes PingOne Verify in the sign-on or self-service registration flow. The verification flow differs slightly depending on the user’s device type, which the PingOne Verify IdP Adapter determines based on the browser user agent.

Same device verification flow description

The user performs verification on the same device that the PingFederate flow is run.

The same device flow is only usable with mobile devices. This flow occurs automatically when the PingOne Verify IdP Adapter detects that the user agent is a mobile device.

  1. The user initiates single sign-on (SSO) or self-service registration with PingFederate.

    For example, they might complete the first authentication or self-registration step provided by an HTML Form Adapter instance.

  2. The PingOne Verify IdP Adapter (the adapter) presents an HTML page indicating that verification is required.

  3. The user clicks Begin Verification.

  4. The adapter contacts PingOne Verify to initiate the verification process.

    If Provision User is enabled in the adapter configuration, the adapter provisions the user if they don’t already exist in PingOne at this stage.

  5. The adapter redirects the user to the PingOne Verify web application.

  6. The user follows the prompts to complete the data submission process.

    This typically involves scanning their government-issued photo ID and submitting a live face capture.

  7. The PingOne Verify web application automatically redirects the user back to PingFederate.

  8. PingOne Verify provides the adapter with the result of the verification process.

  9. If Show Success Screens and Show Error Screens are enabled in the adapter configuration, the adapter presents an HTML page that shows the success or error message, depending on the verification result.

  10. If the user completed the verification process successfully, PingFederate provides access to the requested resource or completes the registration process.

Different device verification flow description

The user performs verification on a secondary device.

  1. The user initiates SSO or self-service registration with PingFederate.

    For example, they might complete the first authentication or self-registration step provided by an HTML Form Adapter instance.

  2. The PingOne Verify IdP Adapter (the adapter) presents an HTML page indicating that verification is required.

  3. The user clicks Begin Verification.

  4. The adapter presents an HTML page allowing the user to select a verification method.

  5. On the Select Method page:

    1. The user selects a verification method.

      They can choose to either scan a QR code to avoid receiving a notification, or to receive a web link through email or text message notification.

    2. If the user chooses Email or Text Message as the verification method, they must select a configured email address or phone number to send the verification code to.

    3. The user clicks Continue.

  6. The PingOne Verify IdP Adapter contacts PingOne Verify to initiate the verification process.

    If Provision User is enabled in the adapter configuration, the adapter provisions the user if they don’t already exist in PingOne at this stage.

  7. If the user selected Email or Text Message as the verification method:

    1. PingOne Verify provides a web link to the user through the specified verification method.

    2. The adapter presents an HTML page indicating that the user should check their email or text messages to continue with verification.

    3. If the user doesn’t receive the web link through their email or text messages, they can click Generate QR Code to proceed.

      This creates a QR code that can be used for verification instead of the web link without creating a new transaction.

  8. If the user selected QR Code as the verification method:

    1. PingOne Verify provides a verification code and QR code image URL to the adapter.

    2. The adapter presents an HTML page that shows the verification code and QR code to the user.

  9. The user follows the prompts to complete the verification process.

    This typically involves scanning their government-issued photo ID and submitting a live face capture.

  10. The adapter polls PingOne Verify while it waits for the result of the verification process.

  11. PingOne Verify provides the adapter with the result of the verification process.

  12. If Show Success Screens and Show Error Screens are enabled in the adapter configuration, the adapter presents an HTML page that shows the success or error message, depending on the verification result.

  13. If the user completed the verification process successfully, PingFederate provides access to the requested resource or completes the registration process.