PingAM 7.5.1

Manage devices for MFA

Multi-factor authentication requires you to register a device, which is used as an additional factor when you log in to AM.

The following table summarizes different tasks related to devices used for multi-factor authentication:

Task Resources

Learn about the ForgeRock Authenticator

Download the ForgeRock Authenticator app, which supports push authentication notifications and one-time passwords, and register it in AM.

Recover user accounts

Learn how to recover a user account when the user has lost their registered device, or when their device has become out of sync with AM.

Reset registered devices

In some scenarios, for example, when users are not able to access their recovery codes, you can reset their registered devices to allow them to register again.

List registered devices

Learn how to list devices registered to a user.

MFA details are stored in the following profile attributes:

  • OATH: oathDeviceProfiles

  • Push: pushDeviceProfiles

  • WebAuthn: webauthnDeviceProfiles

  • Bound: boundDevices

You can access these attributes in scripts in the same way you access other profile attributes.