Authenticating using your iPhone (Windows login)
This section describes the various ways you can authenticate to Windows login using your iPhone.
You can use any of the following methods to authenticate:
-
Swipe
-
Biometrics
-
Apple Watch
-
One-time passcode
-
Authenticate manually with PingID mobile app
-
Authenticate manually with the PingID mobile app
If your organization allows you to authenticate using more than one device type, you can add a device and decide which device you want to use as your primary (default) authentication method. For more information, see Managing your devices.
The options available to you are defined by your organization’s policy.
Using swipe authentication for iPhone (Windows login)
If you have the PingID app running on your mobile device and your organization is using swipe authentication, sign on to your Windows desktop or laptop machine using swipe to authenticate.
Before you begin
Pair your device with PingID mobile app to enable authentication. For more information, see (legacy) Pairing PingID mobile app for iPhone (using a QR code or pairing code) or Adding and reordering devices.
About this task
Steps
-
Sign on to your Windows laptop or desktop machine.
Choose from:
-
If your organization has eliminated passwords: Under Sign-in options, click the PingID icon, and then click the arrow.
-
If your organization requires a username and password: Under Sign-in options, click the key icon and enter your username and password and then click the arrow key.
-
+
Result:
+ The Authenticating on… window appears, and an authentication notification request is sent to your mobile device.
+
-
Accept the authentication notification, depending on your mobile’s notification settings:
Choose from:
-
If your device is locked, long press the notification until it shows the option to approve or deny the request, and then tap Approve.
-
If your device is unlocked, pull down the notification until it shows the option to Approve or Deny the request, and then tap Approve.
If configured by your organization, you’ll see a map on the notification screen, showing the location, device type, and browser used by the device attempting to accessing your account or app. This can help you identify a fraudulent authentication attempt.
-
-
If your mobile phone is unlocked and PingID is open, swipe to authenticate.
Result:
The green Authenticated screen appears with a check mark, indicating successful authentication.
Result
You are signed on to your Windows machine.
Using biometrics authentication for iPhone (Windows login)
Authenticate with your device biometrics using PingID mobile app.
Before you begin
-
Register biometrics on your device, such as fingerprints or Face ID.
-
Pair your iPhone to use biometrics to authenticate. See (legacy) Pairing PingID mobile app for iPhone (using a QR code or pairing code).
About this task
Authentication varies slightly depending on your phone model, phone settings, and whether your device is locked or unlocked when the authentication request sends.
The following animation shows an example of a passwordless authentication flow using biometrics. NOTE: You might need to enter your password, depending on your organization’s configuration.
|
Biometrics authentication is only available to you if the option is enabled by your organization. |
Steps
-
Sign on to your Windows laptop or desktop machine.
Choose from:
-
If your organization has eliminated passwords: Under Sign-in options, click the PingID icon, and then click the arrow.
-
If your organization requires a username and password: Under Sign-in options, click the key icon and enter your username and password and then click the arrow key.
Result:
The Authenticating on… window appears, and an authentication notification request is sent to your mobile device.
-
-
Accept the authentication notification:
Choose from:
-
If your device is locked, long press the notification until it shows the option to approve or deny the request, and then tap Approve.
-
If your device is unlocked, pull down the notification until it shows the option to Approve or Deny the request, and then tap Approve.
If configured by your organization, you’ll see a map on the notification screen, showing the location, device type, and browser used by the device attempting to accessing your account or app. This can help you identify a fraudulent authentication attempt.
-
If your mobile phone is unlocked and PingID is open, you’ll be prompted to authenticate with your biometrics.
-
Face ID: Tap the message asking you to authorize scanning with Face ID, if prompted, or your face is scanned automatically.
-
Fingerprint: To scan your fingerprint, touch the Home button lightly.
Result:
The green Authenticated screen appears with a check mark, indicating successful authentication.
Result
You are signed on to your Windows machine.
-
Enabling and disabling passcodes on your Apple watch (Windows login)
Enable the use of PingID one-time passcodes (OTPs) on your Apple watch.
About this task
If you have installed the PingID app on your device, the PingID Apple Watch app is automatically installed on your watch and you will start receiving notifications to your watch. You can also open the PingID app on your watch to receive a one-time passcode (OTP). If the Apple watch app is disabled, you will not be able to access a one-time passcode from your watch.
|
The Apple watch only receives notifications when your mobile device is locked, and the mobile device screen is in sleep mode. |
Steps
-
On your iPhone, tap the Watch app, and then tap PingID.
-
To enable or disable the app on your Apple watch, tap Show App on Apple Watch.
Result:
The PingID app is installed on your Apple watch, and the PingID icon appears.
-
To view the current one-time passcode, on your Apple watch, tap the PingID icon.
-
(Optional) To get a new passcode, tap Refresh.
Authenticating using a one-time passcode (Windows login)
One of the authentication methods that administrators can allow is the use of a generated one-time passcode (OTP).
Before you begin
Pair your device with PingID mobile app to enable authentication. For more information, see (legacy) Pairing PingID mobile app for iPhone (using a QR code or pairing code) or Adding and reordering devices.
Steps
-
Sign on to your Windows laptop or desktop machine.
Choose from:
-
If your organization has eliminated passwords: Under Sign-in options, click the PingID icon, and then click the arrow.
-
If your organization requires a username and password: Under Sign-in options, click the key icon and enter your username and password and then click the arrow key.
Result:
The Authenticating on… window appears. This is where you enter the OTP after it has been generated in the app.
-
-
On the device you use for MFA, open the PingID app, and get the one-time passcode that is displayed.
-
When opening PingID mobile app, update your location permissions to Allow all the time, if prompted to do so.
-
The one-time passcode refreshes each time you open the PingID app. If you need to generate a new one-time passcode, tap New Passcode.
-
-
Return to the Authentication window on your Windows computer, enter the passcode, and click Sign In.
Result:
MFA is complete, and you are signed on to your Windows computer.
Authenticating manually with the PingID mobile app (Windows Login)
If you sign on to your Windows laptop or desktop machine without having a network connection, such as airplane mode or without Wi-Fi connection, you can authenticate manually using the PingID mobile app.
Before you begin
To authenticate manually with PingID you must first pair your device with PingID and authenticate online at least once. For more information see (legacy) Pairing PingID mobile app for iPhone (using a QR code or pairing code) or Adding and reordering devices.
About this task
The process to authenticate manually is different than the way you usually sign in.
To authenticate manually:
-
PingID mobile app must be installed on your device, paired with your account. Minimum requirements for manual authentication is PingID mobile app 1.18. For windows passwordless authentication, PingID mobile app 2.15 or later is required.
-
You need to successfully authenticate to the specific Windows machine you are trying to access online at least one time before you can authenticate manually.
-
Your device must have a working camera, with the PingID Mobile app camera permissions set to Approve. For more information, see PingID mobile app management (legacy).
Steps
-
Sign on to your Windows laptop or desktop machine.
-
If your organization has eliminated passwords: Under Sign-in options, click the PingID icon, and then click the arrow.
-
If your organization requires a username and password: Under Sign-in options, click the key icon and enter your username and password and then click the arrow key.
Result:
A Manual Authentication message appears, displaying a QR code requesting that you authenticate manually.
If you have more than one mobile device paired with your account, you’ll need to select the device you want to use to authenticate before the Manual Authentication message appears.
-
-
On your mobile device, open the PingID mobile app:
-
Tap the Gear icon (
)
. -
Select Manual Auth.
-
Authenticate using your device biometrics, if required.
Result:
The QR code scanner for manual authentication opens.
-
-
Using your mobile device, scan the QR code displaying in the Manual Authentication window.
Result:
You receive an Authentication Code.
-
Enter the Authentication Code into the Manual Authentication window. Click Sign In.
Result
You are signed on to your Windows machine.