PingFederate Server

Configuring a CIBA authenticator instance

The PingOne MFA Integration Kit includes the PingOne SDK client initiated backchannel authentication (CIBA) Authenticator, which works with PingFederate’s CIBA feature.

About this task

For instructions on configuring the CIBA Authenticator for PingOne SDK, see Configuring a CIBA authenticator instance.

Steps

  1. Go to Authentication → OAuth → CIBA Authenticators to open the CIBA Authenticators window.

  2. On the CIBA Authenticators window, click Create New Instance to start the Create CIBA Authenticator Instance configuration workflow.

  3. On the Type tab, configure the basics of this authenticator instance.

    1. Enter a name and an ID in the Instance Name and Instance ID fields.

    2. Select a CIBA authenticator from the Type list.

      Selections vary depending on the deployed CIBA authenticators.

    You can use the PingFederate SDK to implement a custom solution. For more information, see the Javadoc for the OOBAuthPlugin interface, the SampleEmailAuthPlugin.java file for a sample implementation and the SDK developer’s guide for build and deployment information.

    +

    The Javadoc for PingFederate and the sample implementation are in the <pf_install>/pingfederate/sdk directory.

  4. On the Instance Configuration tab, follow the on-screen instructions to configure the authenticator instance.

    Configuration requirements vary depending on the authenticator implementation.

  5. On the Actions tab, follow the on-screen instructions to test the validity of the authenticator instance configuration or to perform secondary configuration tasks.

    Availability of this tab and actions vary depending on the authenticator implementation.

  6. On the Extended Contracts tab, follow the on-screen instructions to define additional attributes.

    The authenticator contract is the list of input parameters used to challenge the user for authentication. Some authenticators support extending the contract for additional functionality, such as formatting the data presented to the user during the authentication challenge.

    Availability of this window and supported attribute names vary depending on the authenticator implementation.

  7. On the Summary tab, review your configuration, modify as needed, and click Done to exit the Create CIBA Authenticator Instance workflow.

  8. On the CIBA Authenticators window, click Save to retain the configuration of the authenticator instance.

    If you want to exit without saving the configuration, click Cancel.