PingOne

Verification flow

When using the PingOne Verify IdP Adapter through the PingFederate authentication API, the following flow is used for verification requests.

Identity verification

A diagram of the verification API flow.

  1. The user completes first-factor authentication or begins the registration flow. ID verification begins when using the PingOne Verify IdP Adapter is triggered in the PingFederate authentication or registration flow.

  2. PingFederate returns a status of ID_VERIFICATION_DEVICE or ID_VERIFICATION_OPTIONS. The user selects how they want to proceed with the verification process.

    ID_VERIFICATION_OPTIONS is not always present in the flow. It appears if the user has an email address or mobile number tied to the account. The email address or phone number can come from authentication policy attributes or from a LDAP server.

    Also, if your configuration forces the email or phone option, the adapter skips the selection step.

  3. PingFederate returns a status of ID_VERIFICATION_REQUIRED in the response to the API client and provides a QR code and a verification code.

  4. The API client displays the QR code and verification code to the user.

  5. The user completes the ID verification process in mobile web.

  6. The API client invokes the poll action.

  7. PingFederate returns the status of ID_VERIFICATION_IN_PROGRESS to the API client.

  8. The poll action repeats until one of the following statuses occurs:

    • ID_VERIFICATION_REQUIRED

      • Verification failed, but a retry is allowed

      • The user can complete (or retry) the verification process with the provided QR code and verification code

      • There are two options available to the API client:

        • Continue polling by calling poll and wait for the status to change

        • Cancel the verification request by calling cancelAuthentication

    • ID_VERIFICATION_FAILED

      • Verification failed, and a retry is not allowed

      • The authentication request is cancelled

    • ID_VERIFICATION_TIMED_OUT

      • Verification timed out

      • There are two options available to the API client:

        • Retry by calling retryVerification

        • Cancel the verification request by calling cancelAuthentication

    • ID_VERIFICATION_COMPLETED

      • Verification succeeded

      • The API client continues the flow by calling continueAuthentication

      • PingFederate returns the transaction status and user data to the API client