Verification flow
When using the PingOne Verify IdP Adapter through the PingFederate authentication application programming interface (API), the following flow is used for verification requests.
Identity verification
-
The user completes first-factor authentication or begins the registration flow.
ID verification begins when using the PingOne Verify IdP Adapter is triggered in the PingFederate authentication or registration flow.
-
PingFederate returns a status of
ID_VERIFICATION_DEVICE
orID_VERIFICATION_OPTIONS
. The user selects how they want to proceed with the verification process.ID_VERIFICATION_OPTIONS
is not always present in the flow. It appears if the user has an email address or mobile number tied to the account. The email address or phone number can come from authentication policy attributes or from a LDAP server.Also, if your configuration forces the email or phone option, the adapter skips the selection step.
-
PingFederate returns a status of
ID_VERIFICATION_REQUIRED
in the response to the API client and provides a QR code and a verification code. -
The API client displays the QR code and verification code to the user.
-
The user completes the ID verification process in mobile web.
-
The API client invokes the poll action.
-
PingFederate returns the status of
ID_VERIFICATION_IN_PROGRESS
to the API client. -
The poll action repeats until one of the following statuses occurs:
-
ID_VERIFICATION_REQUIRED
-
Verification failed, but a retry is allowed
-
The user can complete (or retry) the verification process with the provided QR code and verification code
-
There are two options available to the API client:
-
Continue polling by calling
poll
and wait for the status to change -
Cancel the verification request by calling
cancelAuthentication
-
-
-
ID_VERIFICATION_FAILED
-
Verification failed, and a retry is not allowed
-
The authentication request is cancelled
-
-
ID_VERIFICATION_TIMED_OUT
-
Verification timed out
-
There are two options available to the API client:
-
Retry by calling
retryVerification
-
Cancel the verification request by calling
cancelAuthentication
-
-
-
ID_VERIFICATION_COMPLETED
-
Verification succeeded
-
The API client continues the flow by calling
continueAuthentication
-
PingFederate returns the transaction status and user data to the API client
-
-