Using a hardware token (OTP) for authentication with PingID
You can use your hardware token to get a one-time passcode (OTP) that you can use for secure authentication with PingID. To set up your hardware token, you need to register or 'pair' it with your account.
Pairing creates a trust between the hardware token and your account so that you can use it to authenticate during the sign on process.
You can use a hardware token to access your account using a Web browser, to access your company’s VPN, or to access a Windows login or Mac login machine.
-
Web or Mac
-
VPN
-
Windows login
Pairing your hardware token (web)
Register or 'pair' your hardware token so that you can generate a one-time passcode (OTP) and use it to authenticate securely with PingID when accessing your account or app from a web browser.
About this task
After you have paired your device and authenticated successfully, you can also use it to authenticate for Windows login or Mac login, if required. |
Steps
-
Sign on to your account or app and when you see the registration window, click Start.
You’ll see the Add a New Device window, showing the QR code.
-
In the Add a New Device window, click Hardware Token.
Result:
The Hardware Token Pairing window displays.
-
Enter your token serial number. Click Next.
The serial number is usually printed on the back of your token.
Result:
The Verification window displays.
You might see the Final Step window. It indicates that you token needs to be resynchronized, if so, follow the instructions and then click Sync.
-
Enter the passcode from your hardware token. Click Verify.
Result:
A green check mark appears, indicating your device is paired successfully. You are automatically signed on to your account or app.
-
The next time you sign on to your account or application, you need to authenticate using your hardware token.
For more information, see Authenticating using a hardware token (Web).
Pairing your hardware token (VPN)
Register or 'pair' your hardware token so that you can generate a one-time passcode (OTP) and use it to authenticate securely with PingID when accessing your VPN.
Steps
-
From your web browser or app, sign on to your VPN and enter your username and password.
-
You will be asked to choose between several pairing devices. Enter
other
. -
Click Sign in.
-
In the next text entry field, enter
token
followed by a space and then the serial number of your hardware token. (The serial number is usually printed on the back of the token. For example,token 12345678
.) -
In the OTP text entry field, enter the passcode on your hardware token.
-
Click Sign in.
Result:
Your hardware token is paired and authentication completed. You are signed into your VPN.
Pairing your hardware token (Windows login)
Register or 'pair' your hardware token so that you can generate a one-time passcode (OTP) and use it to authenticate securely with PingID when accessing your Windows login machine.
Steps
-
Sign on to your Windows machine.
Result:
The PingID registration window displays.
Until you successfully complete the registration process, you cannot minimize the PingID registration window. If you close the window, you are automatically redirected back to the Windows login window.
-
Click I want to use a different authentication method.
-
In the Alternative Authentication window, in the Authentication Preference section, click Authentication using a hardware token. Click Next.
+
Result:
+ The Hardware Token Pairing window appears requesting the Serial number of your token.
+ image::mbn1564021291180.png[alt="A screen capture of the Hardware Token Pairing window."]
-
In the Serial number field, enter your token serial number. Click Next.
The serial number is usually printed on the back of your token.
Result:
The OTP entry window is displayed
-
Enter the OTP from your token. Click Verify.
+
Result:
+ You are signed on to your Windows machine.
-
The next time you sign on to your Windows machine:
-
You receive a OTP through your hardware token.
-
Enter the hardware token OTP in the Hardware Token Verification window.
-
Click Sign On to authenticate and sign on.
-