PingOne

PingOne Verify IdP Adapter settings reference

Field descriptions for the PingOne Verify IdP Adapter configuration, accessible on the IdP Adapter tab in the PingFederate admin console.

Standard fields

Details
Field Description

PingOne Environment

Select the PingOne connection you created in Connecting PingFederate to PingOne.

This field is blank by default.

PingOne Population

If a user doesn’t already exist in PingOne, the adapter provisions the user to this PingOne population.

Applies only when Provision User is selected.

This list populates after you select the PingOne Environment.

Verify Policy

The name of the verify policy you want to use.

This list populates after you select the PingOne Environment.

Email Chained Attribute

The name of the incoming chained attribute that contains the user’s email address.

The default value is mail.

Phone Chained Attribute

The name of the incoming chained attribute that contains the user’s phone number.

The default value is mobile.

Reference Image Chained Attribute

The name of the incoming chained attribute that contains the user’s reference image.

The facial comparison only verify policy requires the reference image as a base64-encoded string.

The default value is photo.

Verification URL Delivery Method

Select how the verification link is sent to users to begin the identity verification process.

When set to User selection, users can choose their preferred delivery method. For example, email or SMS.

The default value is User Selection.

Redirect URL

This field isn’t used in the same device verification flow. Learn more in PingOne Verify Integration Kit 2.3.1 and Overview of the verification flow.

The destination URL that users are directed to automatically after completing identity verification successfully.

Redirect Message

This field isn’t used in the same device verification flow. Learn more in PingOne Verify Integration Kit 2.3.1 and Overview of the verification flow.

A customizable message shown to users before they’re directed to the Redirect URL.

If you configure a Redirect Message, you must configure a Redirect URL before you can save the configuration.

First Name Chained Attribute

The name of the incoming chained attribute that contains the user’s first name.

  • This value is compared against the first name extracted from the government ID submitted during verification to ensure they match.

    If this field is left empty, record matching isn’t performed for this user attribute.

  • This value is also used for data-based identity verification.

Last Name Chained Attribute

The name of the incoming chained attribute that contains the user’s last name.

  • This value is compared against the last name extracted from the government ID submitted during verification to ensure they match.

    If this field is left empty, record matching isn’t performed for this user attribute.

  • This value is also used for data-based identity verification.

Full Name Chained Attribute

The name of the incoming chained attribute that contains the user’s full name.

Required when verifying against ID types that only support full name extraction (instead of separate first and last name components).

This value is compared against the full name extracted from the government ID submitted during verification to ensure they match.

If this field is left empty, record matching isn’t performed for this user attribute.

Address Chained Attribute

The name of the incoming chained attribute that contains the user’s address.

This value is compared against the address extracted from the government ID submitted during verification to ensure they match.

If this field is left empty, record matching isn’t performed for this user attribute.

Date of Birth Chained Attribute

The name of the incoming chained attribute that contains the user’s date of birth.

Use the following format: YYYY-MM-DD.

This value is compared against the date of birth extracted from the government ID submitted during verification to ensure they match.

If this field is left empty, record matching isn’t performed for this user attribute.

National ID Number Chained Attribute

The name of the incoming chained attribute that contains the user’s national ID number.

Used for data-based identity verification.

Street Address Chained Attribute

The name of the incoming chained attribute that contains the user’s street address.

Used for data-based identity verification.

Street Address Line 2 Chained Attribute

The name of the incoming chained attribute that contains the second line of the user’s street address.

Used for global data-based identity verification.

City Chained Attribute

The name of the incoming chained attribute that contains the user’s city.

Used for data-based identity verification.

State Address Chained Attribute

The name of the incoming chained attribute that contains the user’s state.

Used for data-based identity verification.

ZipCode Chained Attribute

The name of the incoming chained attribute that contains the user’s zip code.

Used for data-based identity verification.

Country Chained Attribute

The name of the incoming chained attribute that contains the user’s country.

Used for global data-based identity verification.

Advanced fields

Details
Field Description

Test Username

The PingOne username that the adapter uses to test the PingOne Verify connection on the Actions tab.

This field is blank by default.

HTML Template Prefix

Identifies the set of HTML templates that the adapter uses to show the authentication status or request a one-time passcode (OTP).

If you customize the template file names in the /server/default/conf/template directory, enter the new prefix here.

The default value is pingone-verify.

You can find a description of the template files in Download manifest.

Messages Files

Identifies the customizable language-pack file that the adapter uses to show messages on the templates.

If you customize the pingone-verify-messages.properties file name in the /server/default/conf/language-packs directory, enter the new name here.

The default value is pingone-verify-messages.

Error Message Key Prefix

Identifies the error messages in the language-pack file that the adapter uses to show messages on the templates.

If you customize the error message names in /server/default/conf/language-packs/pingone-verify-messages.properties, enter the new prefix here.

The default value is:

pingone.verify.error.

Provision User

If a user doesn’t already exist in PingOne, the adapter provisions the user to PingOne.

This checkbox is selected by default.

Allow Verification Retries

When ID verification fails, this setting determines whether a user can try again. Your PingOne Verify configuration determines the maximum number of retry attempts.

This checkbox is cleared by default.

Reset Verification Status

Require ID verification for every authentication attempt by resetting the user’s status.

This checkbox is cleared by default.

User Not Found Failure Mode

When a user error occurs in PingOne, this setting determines whether the adapter blocks the user’s sign-on or registration attempt.

User errors include the following:

  • The user is disabled

  • The user doesn’t exist

  • The user can’t be provisioned

  • The PingOne Verify service is disabled for the user

The default selection is Block user.

Service Unavailable Failure Mode

When PingOne doesn’t respond, this setting determines whether the adapter blocks the user’s sign-on or registration attempt.

The default selection is Bypass authentication.

Verification Failure Mode

Determines whether the adapter blocks the user’s sign-on attempt when ID verification fails. Selection options include:

Block user

When a transaction fails, the adapter returns a FAIL response and blocks the user’s sign-on attempt.

Bypass authentication

When a transaction fails, the adapter returns a SUCCESS response instead of a FAIL response to make adapter attributes available for policy contract mapping in the VERIFICATION_FAILED path.

The attributes contain the same core and optional contract attributes included in a successful transaction, plus an additional errorMessage attribute in the core contract. The transactionStatus attribute is set to fail.

If a transaction isn’t created due to an error in the request, the adapter uses the regular FAIL path even if the Verification Failure Mode is set to Bypass authentication.

The default value is Block user.

Show Success Screens

Determines whether the adapter shows a success page when the verification process is successful.

This checkbox is selected by default.

Show Error Screens

Determines whether the adapter shows an error page when the verification process fails and the user can’t make another verification attempt.

This checkbox is selected by default.

Show Timeout Screens

Determines whether the adapter shows a timeout page when the verification process times out.

This checkbox is selected by default.

State Timeout

The amount of time in seconds that the adapter allows for each state of the process when waiting for a user to complete the verification process.

The default value is 1200. The minimum value is 60.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with PingOne Verify or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 5000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.