Authenticating with PingID using a security key
You can authenticate using a security key access your account or app securely with PingID.
Before you begin
-
Pair your security key with your account to enable authentication. For information, see Setting up a security key or Managing your devices.
-
Ensure you are using a browser that supports the use of a security key, such as Google Chrome or Microsoft Edge, and that you have the latest version of the browser. The authentication process might vary slightly depending on the browser that you are using.
-
To authenticate with a mobile device, the mobile device must be running either:
-
Android devices: Android 7 or later
-
iOS devices: iOS 13.3 or later
-
-
If you are using a virtual machine (VM) to connect to your accessing device and want to authenticate using your security key, ensure that your VM is configured to recognize a USB device.
About this task
You can use a security key to access your account using a web browser or to access a Windows login machine.
|
Authenticating using a security key
Authenticate using a security key to securely access your account or app using a web browser.
About this task
The authentication process might vary slightly depending on the browser that you are using and your organization’s implementation.
The following animations demonstrate the two most common implementations of security key authentication with PingID:
-
Passwordless authentication: No username or password required.
-
Second factor authentication: Enter username and password, and then authenticate with your security key for a more secure sign-on.
Your security key must be paired with your account to enable authentication. For more information, see Pairing your security key. |
Steps
-
Connect your security key.
Choose from:
-
Connect through a USB cable.
-
If your security key model supports it, connect through NFC or Bluetooth, and make sure it is set to ON.
-
-
Open a browser window and sign on to your account or access an application that requires authentication.
-
Depending on your browser, an additional window in your browser might appear prompting you to authenticate with a security key.
-
If you are using iOS or macOS, you might be presented with an additional dialog where you must press Continue before authenticating with the key.
Result:
The Authentication window appears, prompting you to authenticate using your security key.
-
-
Use your security key to authenticate.
Select the Authentication browser window as the active window before you press the security key button.
Result
The green Authenticated message with a check mark appears, indicating successful authentication, and you are redirected to your account or app.
Authenticating using a security key (Windows login)
Use your security key to authenticate for a successful sign-on to your Windows device.
Before you begin
-
The minimum version of Windows login you need depends on the following:
-
If your organization requires you to enter a password to authenticate, you’ll need PingID for Windows login 2.3 or later.
-
If your organization has eliminated passwords, you’ll need PingID for Windows Passwordless login 1.2 or later.
If you’re not sure, check with your organization’s administrator.
-
|
About this task
The authentication flow varies slightly according to your organization’s configuration policy.
-
Passwordless authentication
-
Authentication with a password
Steps
-
Sign on to your Windows laptop or desktop machine.
Choose from:
-
If your organization has eliminated passwords: Under Sign-in options, click the PingID icon ( ), and then click the arrow.
-
If your organization requires a username and password: Under Sign-in options, click the key icon () , enter your username and password, and then click the arrow key.
-
-
(Windows passwordless users only) If you have more than one device paired with your account, you’ll see a list of your paired devices. Select the security key that you want to use to authenticate.
-
When you see a window asking you to authenticate with your security key, connect your security key, either physically through a USB cable or, if applicable, ensure NFC or Bluetooth are set to ON. If you have a biometrics security key, tap it with your fingerprint to authenticate, otherwise enter your PIN code, if prompted to do so.
You might see a message indicating that you are using one or more deprecated security key. If so, you should delete all deprecated devices (deprecated devices show the Delete option). Before you delete a device, make sure you have at least one alternative device paired with your account.
Result:
You are redirected to your Windows account.
Authenticating using a security key for manual authentication (Windows login)
You are only prompted to authenticate manually if you are signing on to your Windows machine without a network connection or Wi-Fi.
Before you begin
-
To use your security key to authenticate when you are offline, you must authenticate successfully at least once when online. For information, see Authenticating using a security key (Windows login).
-
The minimum version of Windows login you need depends on the following:
-
If your organization requires you to enter a password to authenticate, you’ll need PingID for Windows login 2.3 or later.
-
If your organization has eliminated passwords, you’ll need PingID for Windows Passwordless login 1.2 or later.
If you’re not sure, check with your organization’s administrator.
-
-
If your organization requires you to enter a password when you sign on, it is not possible to use a FIDO2 security key to authenticate when accessing your Windows login account through RDP. If your organization has eliminated passwords, you can do so.
-
If you are using a U2F security key, offline authentication is only supported when using PingID for Windows login 2.3 - 2.7.x.
About this task
Manual authentication with a security key is only possible if:
-
Your company policy and configuration allow the use of a security key to authenticate when offline.
-
You have already paired a security key and authenticated successfully at least once when online.
From PingID for Windows login 2.8 and later, you can use any security key that is paired to your account as long as you have successfully authenticated with it at least once online using the specific Windows machine that you want to sign on from. For version 2.7 and lower, you need to pair a security key specifically for manual authentication.
Steps
-
Connect your security key either physically through a USB cable or, if applicable, ensure NFC or Bluetooth are set to ON.
-
Sign on to your Windows machine.
-
If you are offline and do not have an internet connection, in the Manual Authentication window, follow the prompting to authenticate manually.
If you enrolled a security key for manual authentication in Windows login 2.7 or lower, and then upgraded to Windows login 2.8 or higher, you may see the same security key listed but with a different nickname. You should delete the deprecated duplicate device (deprecated devices show the Delete option). Before you delete a device, make sure you have at least one alternative device paired with your account.
-
If you have more than one authentication method paired with your account, in the Authenticating on section, select Security Key.
-
Click Next.
-
-
Use your security key to authenticate.
Result
The green Authenticated message appears with a check mark, indicating authentication is successful. You are redirected and signed on to your account or app.