PingID End User Guide

Authenticating with PingID using a security key

You can authenticate using a security key access your account or app securely with PingID.

Before you begin

  • Pair your security key with your account to enable authentication. For information, see Setting up a security key or Managing your devices.

  • Ensure you are using a browser that supports the use of a security key, such as Google Chrome or Microsoft Edge, and that you have the latest version of the browser. The authentication process might vary slightly depending on the browser that you are using.

  • To authenticate with a mobile device, the mobile device must be running either:

    • Android devices: Android 7 or later

    • iOS devices: iOS 13.3 or later

  • If you are using a virtual machine (VM) to connect to your accessing device and want to authenticate using your security key, ensure that your VM is configured to recognize a USB device.

About this task

You can use a security key to access your account using a web browser or to access a Windows login machine.

  • The authentication process might vary slightly depending on the browser that you are using and your organization’s implementation.

Authenticating using a security key

Authenticate using a security key to securely access your account or app using a web browser.

About this task

The authentication process might vary slightly depending on the browser that you are using and your organization’s implementation.

The following animations demonstrate the two most common implementations of security key authentication with PingID:

  • Passwordless authentication: No username or password required.

    An animation showing passwordless authentication.

  • Second factor authentication: Enter username and password, and then authenticate with your security key for a more secure sign-on.

    An animation showing second-factor authentication sign-on.

Your security key must be paired with your account to enable authentication. For more information, see Pairing your security key.

Steps

  1. Connect your security key.

    Choose from:

    • Connect through a USB cable.

    • If your security key model supports it, connect through NFC or Bluetooth, and make sure it is set to ON.

  2. Open a browser window and sign on to your account or access an application that requires authentication.

    A screen capture of the security key authentication window asking you to use your security key to authenticate.

    • Depending on your browser, an additional window in your browser might appear prompting you to authenticate with a security key.

    • If you are using iOS or macOS, you might be presented with an additional dialog where you must press Continue before authenticating with the key.

    Result:

    The Authentication window appears, prompting you to authenticate using your security key.

  3. Use your security key to authenticate.

    Select the Authentication browser window as the active window before you press the security key button.

Result

The green Authenticated message with a check mark appears, indicating successful authentication, and you are redirected to your account or app.

A screen capture of the Authenticated window with a green check mark.

Authenticating using a security key (Windows login)

Use your security key to authenticate for a successful sign-on to your Windows device.

Before you begin

  • The minimum version of Windows login you need depends on the following:

    • If your organization requires you to enter a password to authenticate, you’ll need PingID for Windows login 2.3 or later.

    • If your organization has eliminated passwords, you’ll need PingID for Windows Passwordless login 1.2 or later.

    If you’re not sure, check with your organization’s administrator.

  • If your organization requires you to enter a password when you sign on, it is not possible to use a FIDO2 security key to authenticate when accessing your Windows login account through RDP. If your organization has eliminated passwords, you can do so.

  • To use your security key to authenticate when you are offline, you must authenticate successfully at least once when online. For more information, see Authenticating using a security key for manual authentication.

About this task

The authentication flow varies slightly according to your organization’s configuration policy.

  • Passwordless authentication

    Animation showing how to authenticate with your security key when your organization does not require you to enter a username and password.

  • Authentication with a password

    Animation showing how to authenticate with your security key when your organization also requires you to enter a username and password.

Steps

  1. Sign on to your Windows laptop or desktop machine.

    Choose from:

    • If your organization has eliminated passwords: Under Sign-in options, click the PingID icon (PingID icon ), and then click the arrow.

    • If your organization requires a username and password: Under Sign-in options, click the key icon (frq1652790194722) , enter your username and password, and then click the arrow key.

    Windows login sign-on window

  2. (Windows passwordless users only) If you have more than one device paired with your account, you’ll see a list of your paired devices. Select the security key that you want to use to authenticate.

    Select Device window for passwordless authentication showing a list of paired devices.

  3. When you see a window asking you to authenticate with your security key, connect your security key, either physically through a USB cable or, if applicable, ensure NFC or Bluetooth are set to ON. If you have a biometrics security key, tap it with your fingerprint to authenticate, otherwise enter your PIN code, if prompted to do so.

    Authentication window prompting you to authenticate with your security key.

    You might see a message indicating that you are using one or more deprecated security key. If so, you should delete all deprecated devices (deprecated devices show the Delete option). Before you delete a device, make sure you have at least one alternative device paired with your account.

    Result:

    You are redirected to your Windows account.

    A screen capture of a user’s Windows desktop home page.

Authenticating using a security key for manual authentication (Windows login)

You are only prompted to authenticate manually if you are signing on to your Windows machine without a network connection or Wi-Fi.

Before you begin

  • To use your security key to authenticate when you are offline, you must authenticate successfully at least once when online. For information, see Authenticating using a security key (Windows login).

  • The minimum version of Windows login you need depends on the following:

    • If your organization requires you to enter a password to authenticate, you’ll need PingID for Windows login 2.3 or later.

    • If your organization has eliminated passwords, you’ll need PingID for Windows Passwordless login 1.2 or later.

    If you’re not sure, check with your organization’s administrator.

  • If your organization requires you to enter a password when you sign on, it is not possible to use a FIDO2 security key to authenticate when accessing your Windows login account through RDP. If your organization has eliminated passwords, you can do so.

  • If you are using a U2F security key, offline authentication is only supported when using PingID for Windows login 2.3 - 2.7.x.

About this task

Manual authentication with a security key is only possible if:

  • Your company policy and configuration allow the use of a security key to authenticate when offline.

  • You have already paired a security key and authenticated successfully at least once when online.

    From PingID for Windows login 2.8 and later, you can use any security key that is paired to your account as long as you have successfully authenticated with it at least once online using the specific Windows machine that you want to sign on from. For version 2.7 and lower, you need to pair a security key specifically for manual authentication.

Steps

  1. Connect your security key either physically through a USB cable or, if applicable, ensure NFC or Bluetooth are set to ON.

  2. Sign on to your Windows machine.

    1. If you are offline and do not have an internet connection, in the Manual Authentication window, follow the prompting to authenticate manually.

      A screen capture of the Manual Authentication window requesting you to select your authentication method.

      If you enrolled a security key for manual authentication in Windows login 2.7 or lower, and then upgraded to Windows login 2.8 or higher, you may see the same security key listed but with a different nickname. You should delete the deprecated duplicate device (deprecated devices show the Delete option). Before you delete a device, make sure you have at least one alternative device paired with your account.

    2. If you have more than one authentication method paired with your account, in the Authenticating on section, select Security Key.

    3. Click Next.

  3. Use your security key to authenticate.

    A screen capture of the Manual Authentication window prompting you to authenticate using your security key.

Result

The green Authenticated message appears with a check mark, indicating authentication is successful. You are redirected and signed on to your account or app.

A screen capture of the green Authenticated message with a check mark, indicating successful authentication.