PingID End User Guide

Troubleshooting PingID authentication issues

Find solutions to common PingID authentication issues.

Troubleshooting PingID authentication

The following use cases provide solutions to common PingID authentication issues that end users might encounter.

After entering the wrong password a number of times, I am told that I am locked out

Solution

After three incorrect password attempts, you are locked out for two minutes. Try again after the two minutes have passed.

I’m trying to pair or authenticate with PingID mobile app using Face or Iris biometric authentication on my Android device. I am unable to complete the process as I get an error message 'Canceled'

Because of Android biometrics security limitations, Face and Iris recognition aren’t supported for use with the PingID mobile app on some devices.

Solution

  1. Make sure you have defined biometrics on your device.

  2. If you are trying to use Face or Iris recognition, and your device doesn’t appear to be supported, try the following additional configuration steps:

    1. Configure Fingerprint authentication. On some devices, Face or Iris recognition only appears when Fingerprint recognition is also configured on the Android device.

    2. Make sure you are using the latest version of Android OS on your device. Some devices require the latest version of Android OS to support Face or Iris authentication with PingID mobile app.

If you still can’t authenticate using Face or Iris recognition, then your device doesn’t support face or iris authentication with PingID mobile app.

If you can’t authenticate with Face or Iris recognition, use Fingerprint authentication.

I have defined both Face and Fingerprint on my Android device, but when I authenticate with PingID mobile app, I don’t have the option to choose between them

Solution

  • Some Android devices don’t give the option to choose between different biometrics authentication methods when authenticating with PingID mobile app. In such cases, set the primary method you want to use to authenticate in your device settings.

  • Because of Android biometrics security limitations, Face and Iris recognition aren’t supported for use with the PingID mobile app on some devices.

I received a message that my device is jailbroken, but I don’t think that my device is jailbroken.

If your company implements a policy that doesn’t allow the use of a jailbroken device, you receive this error if your device is jailbroken. You might also see this error in the following instances:

  • Scenario A: Your device has applications that contain code that appears the same as a jailbroken application, such as the Cydia app. If so, your device appears as jailbroken to PingID mobile app, preventing you from authenticating.

  • Scenario B: If you backup and restore to your current device using a backup that originates from a previous device that was jailbroken, it flags your current device as jailbroken even though the jailbreak activity wasn’t performed on your current device.

    Solution

    Scenario A: Check whether you have any apps with the Cydia scheme and then uninstall them:

    1. On your device, open the Safari browser and in the address field, enter the following:

      cydia://

    If you have an app that appears to PingID as a jailbroken app, a window displays asking you to Open this page in <problematic app name>.

    1. Uninstall any problematic apps that are listed in the alert.

Scenario B: If you want to use PingID mobile app on this device, you must erase all contents and settings and then reinstall PingID mobile app.

Erasing all content and settings deletes all of the apps, data, and personal settings from your device. Your device will reset to the factory defaults.

  1. On your device, go to Settings → General and tap Erase all content and settings.

  2. If you want to restore a backup, make sure the device from which the backup restores doesn’t originate from a device that was jailbroken in the past.

Authentication error message

If you have an authentication error, you receive an error message that varies depending on your device:

  • iOS::

    You must have Touch ID enabled to authenticate with PingID.

  • Android::

    You must have fingerprint enabled to authenticate with PingID.

If these messages display, then your organization defined Fingerprint authentication as a requirement for signing on to services protected by PingID mobile app.

Solution

To authenticate, enable Touch ID or Fingerprint recognition on your mobile device.

Troubleshooting PingID mobile app notifications (iOS)

You need to be able to receive notification to your device when authenticating with PingID mobile app. If you are experiencing delays receiving notifications to your device, the following use cases provide solutions to common issues that iPhone users report with delays receiving notifications to their devices.

Turn off scheduled notification summary

When the notification summary feature is enabled, it prevents your iPhone from sending notifications straight away. Instead, it schedules them to appear at a specific time during the day. Disable notification summary so that you receive notifications immediately.

Solution

  1. On your iPhone device, go to Settings → Notifications.

  2. Tap Scheduled Summary and then make sure it is turned off.

Turn off Focus Mode or add PingID to the allowed notifications list

Focus mode (Do Not Disturb) silences calls, notifications, and alerts during designated times, so you can focus on other things without being disturbed.

Solution

Disable Focus Mode, or add PingID mobile app to the Focus Mode allowed list, so that you continue to receive notifications even when Focus Mode is on. .

  1. On your iPhone device, go to Settings → Focus → Do Not Disturb.

  2. Do either:

    • Allow notifications from PingID mobile app: Tap Allowed Notifications → Apps → Add App and select PingID mobile app.

    • Turn offDo Not Disturb to disable Focus Mode completely.

  3. Make sure Focus Mode is not configured to turn on automatically: Go to Turn On Automatically and make sure that Schedule is disabled.

Allow Notifications for PingID mobile app

Make sure that your iPhone is set to allow notifications for PingID mobile app.

Solution

  1. On your iPhone device, go to Settings → PingID mobile app → Notifications.

  2. Make sure Allow Notifications is enabled, and Time Sensitive Notifications is enabled.

  3. On the same screen, allow PingID mobile app to send alerts on the Lock Screen, Notification Center, and Banners.

Disable Low Data Mode

If your iPhone is set to enable Data Savings, it can prevent PingID mobile app from using data in the background, causing delays to your receiving notifications.

Solution

Disable Low Data Mode if you are using Wi-Fi:

  1. On your iPhone device, go to Settings → Wi-Fi.

  2. Tap the Info icon next to the Wi-Fi network to which you are connected and make sure that Low Data Mode is disabled.

Disable Low Data Mode if you are using Mobile Data:

  1. On your iPhone device, go to Settings → Mobile Data → Mobile Data Options.

  2. Make sure that Low Data Mode is disabled.

Disable Low Power Mode

If your iPhone battery saver is enabled, it can prevent PingID mobile app from running in the background, causing delays to your receiving notifications on time.

Solution

Disable Low Power Mode:

  • On your iPhone device, go to Settings → Battery and make sure Low Power Mode is disabled.

Update PingID mobile app

Make sure you are running the latest version of PingID mobile app. See Updating the PingID mobile app.

Update your iPhone

Updating your iPhone to the latest version ensures you benefit from the latests bug fixes and improvements, to help you with any issues you might be experiencing with your iPhone, and notifications.

Solution

Check for and install any pending updates.

  • On your iPhone device, go to Settings → General → Software Update and download and install any pending updates.

Reset your iPhone

If you still experience issues with delayed notifications, your last option is to reset your iPhone. This process resets all of your iPhone settings to the factory default, and should only be attempted if all of the other solutions presented do not fix your issue. If your personal files are backed up, they will not be affected.

Solution

To reset your iPhone:

  1. On your iPhone device, go to Settings → General → Transfer or Reset iPhone.

  2. Tap Reset and then select Reset All Settings.

Troubleshooting device management

This section lists issues that you might encounter if you have more than one device paired with your account.

I’m trying to add a device. I’m being prompted to authenticate using FIDO2 biometrics, even though my accessing device is not paired with PingID.

If you only have FIDO2 biometrics devices paired with your account and your current accessing device is not paired with your account, you cannot manage your devices from the My Devices page.

Access the My Devices page from a FIDO2 biometrics device that is paired with your account and add an additional device, such as email, SMS, or Security Key. When accessing the My Devices page from your non-paired biometrics device, you can authenticate using the additional device and can then pair the new FIDO2 biometrics device to your account (recommended).

I cannot edit the mobile device details on My Devices page

A screen capture of the My Devices page with an active edit of a currently paired device and its details.

When I click the Expand icon (qpr1564020912200 ) next to one of the devices listed on the My Devices page, the details are not displayed and I cannot edit them.

The reason is that you can only change the device details for email, SMS, and voice authentication types. However, you can edit the description or device nickname for all authentication types.

My personal details are visible for one of my devices even when the screen is masked or locked

A screen capture of the My Devices page displaying a list of all the currently paired devices.

For your security, the My Devices page automatically masks or locks your personally identifiable information (PII) after a few minutes of inactivity and prompts you to authenticate if you want to make changes.

Only information in the Device Details field is masked automatically. Information in your device Nickname field is not automatically masked. Remove any personal information from the device nickname field. For more information, see Adding and reordering devices.

A screen capture of the Change Authenticating Device window displaying a selected authentication device from the list of all your available devices with the Sign On or Settings options.

When I click the Settings button nothing happens, and I’m unable to access the My Devices page

When you click Settings from the Authentication or Change Authenticating Device page, the system generates a new authentication request. You’ll need to authenticate again to access the My Devices page.

If your primary authentication device is email, SMS, or voice, it generates a one-time passcode (OTP) with which to authenticate. When you click Settings, a new OTP will be sent to your device, so make sure to check it. You must use the new OTP to access the My Devices page because any previously issued passcodes are no longer valid.

When I enter my one-time passcode, I see the message 'invalid passcode'

If you entered the wrong passcode or an old passcode that is no longer valid, you receive the message Invalid passcode. To generate a new passcode choose from the following actions:

  • Click Resend Passcode. A new passcode is sent to the same device.

  • Click Change Device, and select a different device with which to authenticate.

A screen capture of the invalid passcode message displaying a one-time passcode with the Resend passcode link and Change Device option.

When trying to authenticate, I see the message 'Timed Out'

When prompted to authenticate, you have a limited timeframe in which to authenticate. This timeframe is defined by your organization. If you wait longer than the time defined, you see the Timed Out message. To try again, choose from the following actions:

  • Click Retry.

  • Click Change Device, and select a different device with which to authenticate.

A screen capture of the Timed out message with the Retry and Change Device option.

Troubleshooting FIDO2 biometrics

This section lists common issues that end users may encounter when using FIDO2 biometrics authentication.

I am trying to sign on to my account using Safari and I see the error 'Found no credentials on this device', even though my device is paired with PingID

if you recently accessed the Safari settings on your iOS or Mac device, and selected Clear history and website data from Safari, your PingID credentials are also deleted.

Solution

I paired my Mac and can authenticate in one browser, but when I switch to a different browser, I can’t authenticate

Mac Touch ID FIDO2 authentication is browser specific, so although it is supported by both Safari and Chrome browsers, when you pair your device, you can only authenticate using the same browser that you used to pair your account.

Solution

To authenticate from more than one browser, you need to pair your device with the second browser separately.

  1. Pair your Mac Touch ID device with a browser. In this example, we’ll use Safari. For information, see Pairing your Mac Touch ID device.

  2. From that browser - in this example, Safari - go to your Devices page, and add another authentication device, such as a security key. For information, see: Adding and reordering devices.

  3. Go to the second browser that you want to use - in this example, Chrome.

  4. From Chrome, sign on to your account and authenticate with the second device - in this example, a security key.

    If your Mac Touch ID device is your primary authentication method, you’ll need to click Change Device and select the Security Key specifically.

  5. In Chrome, go to your Devices page and click Add. You may be prompted to authenticate with your security key.

  6. In the Add a New Device window, click Touch ID and then follow the instructions to pair your Touch ID device from the new browser. For information, see Pairing your Mac Touch ID device.

  7. When you have completed pairing your device, expand the entry and rename the new Mac device entry, to specify which browser it can be used to access. Do this for your existing entry too. That way, when you authenticate, you can select the right authentication method for your browser. My Devices window showing a Touch ID paired device

I am trying to pair my FIDO2 biometrics device and I don’t see it as an option in the list of authentication methods

Solution

  • Check that the device you are using supports FIDO2 platform biometrics.

  • Check that the browser you are using supports FIDO2 platform biometrics (e.g. the latest version of Chrome or Microsoft Edge).

  • Ensure you have configured biometrics (e.g. your fingerprint or face) on your FIDO2 device.

  • Ensure you are accessing your account from the biometrics device you want to pair (for example, access your account from Windows Hello machine if you want to pair a Windows Hello machine). This applies even when adding the device via the Devices page.

I am prompted to authenticate using one of the existing biometrics devices paired with my account, although I am trying to pair with my new device.

I have at least one biometrics device already paired with my account (Windows Hello, Apple Mac Touch ID, iOS, iPadOS or Android biometrics).

Solution

Log on to your Devices page using one of your paired biometrics device, and then pair an additional (non-FIDO2 biometrics) device with your account, such as YubiKey or authentication app. You can then log on to your Devices page from your new biometrics device, and add your biometrics device via the Devices page. Here’s an example of how to do that.

Animation showing how to troubleshoot this issue

I am prompted to authenticate with FIDO2 biometrics even though my device is not paired as FIDO2 biometrics

Solution

Do one of the following:

  • Pair your FIDO2 biometrics device. After pairing, you can authenticate using the device the next time you are prompted to do so. To pair your device, see Pairing your Mac Touch ID device.

  • Change your authentication device. When prompted to authenticate, click Change Device and authenticate with one of your paired devices.

I want to authenticate using my biometrics device, but I am prompted to authenticate with a Security Key. I cannot authenticate with either device.

This could occur if you are logging on to your account using a device that supports biometrics and either:

  • Biometrics (e.g., fingerprint or face) are not defined on your device, or have been deleted from your device.

  • Biometrics authentication was not successful (e.g., your face is defined but was not recognized by your device).

    Solution

  • Check all biometrics are defined correctly on your device, and that you are using the latest version of a browser that supports FIDO2 platform biometrics.

  • If you have another device paired with your account, in the browser window:

    1. Cancel the security key request.

    2. Select Change Device, if available and select an alternative device to authenticate.

It is recommended that you pair your biometrics device with PingID so you can benefit from FIDO2 biometrics authentication on that device as well in the future.

I want to authenticate using my biometrics device, but I am prompted to authenticate with a Security Key even though I do not have one paired with my account

This could occur if you are logging on to your account using a device that supports biometrics and either:

  • Biometrics (e.g., fingerprint or face) are not defined on your device, or have been deleted from your device.

  • Biometrics authentication was not successful (e.g., your face is defined but was not recognized by your device).

    Solution

  • Check all biometrics are defined correctly on your device, and that you are using the latest version of a browser that supports FIDO2 platform biometrics.

  • If you have another device paired with your account, in the browser window:

    1. Cancel the security key request.

    2. Select Change Device, if available and select an alternative device to authenticate.

It is recommended that you pair your biometrics device with PingID so you can benefit from FIDO2 biometrics authentication on that device as well in the future.

I registered my Windows Hello device but is does not appear as an option when trying to log in or authenticate

Solution

  • Check all biometrics are defined correctly on your device.

  • Ensure you are using an operating system that supports FIDO2 platform biometrics

  • Ensure you are using the latest version of a browser that supports FIDO2 platform biometrics.

Troubleshooting a security key authentication

This section lists common issues that you may encounter when pairing and authenticating with a security key.

Error message when I try to authenticate

I try to log on and see the following error message:

Screen capture showing an error message

Solution:

  • The browser you are using does not support the use of a security key, or you are not using the latest version of the browser.

  • Open a browser that supports use of security key, such as Google Chrome, and make sure you have the most up-to-date browser version installed on your device.

Security key doesn’t respond when I tap itI enter my username and password and then tap the security key when prompted, but nothing happens.

Solution:

  • Make sure the browser window is the active window before you tap the security key. You can do this by clicking anywhere in the browser window.

  • Make sure your security key is connected appropriately - either physically via a USB cable, or ensure NFC, or Bluetooth are set to 'ON'.

I am not given the option to authenticate using my security key, and must authenticate with a different device

I enter my username and password and I am prompted to authenticate using a different device. This happens even if my device is the primary device, or I have the option to choose a different device.

Solution:

  • The browser you are using may not support the use of a security key, or you are not using the latest version of the browser.

  • Open a browser that supports use of security key, such as Google Chrome, and make sure you have the most up-to-date browser version installed on your device.

  • Make sure your security key is connected appropriately - either physically via a USB cable, or ensure NFC, or Bluetooth are set to 'ON'.

I want to authenticate using my biometrics device, but I am prompted to authenticate with a Security Key. I cannot authenticate with either device.

This could occur if you are logging on to your account using a device that supports biometrics and either:

  • Biometrics (e.g., fingerprint or face) are not defined on your device, or have been deleted from your device.

  • Biometrics authentication was not successful (e.g., your face is defined but was not recognized by your device).

Solution:

  • Check all biometrics are defined correctly on your device, and that you are using the latest version of a browser that supports FIDO2 platform biometrics.

  • If you have another device paired with your account, in the browser window:

    1. Cancel the security key request.

    2. Select Change Device, if available and select an alternative device to authenticate.

It is recommended that you pair your biometrics device with PingID so you can benefit from FIDO2 biometrics authentication on that device as well in the future.

I want to authenticate using my biometrics device, but I am prompted to authenticate with a Security Key, even though I do not have one paired with my account.

This could occur if you are logging on to your account using a device that supports biometrics and either:

  • Biometrics (e.g., fingerprint or face) are not defined on your device, or have been deleted from your device.

  • Biometrics authentication was not successful (e.g., your face is defined but was not recognized by your device).

Solution:

  • Check all biometrics are defined correctly on your device, and that you are using the latest version of a browser that supports FIDO2 platform biometrics.

  • If you have another device paired with your account, in the browser window:

    1. Cancel the security key request.

    2. Select Change Device, if available, and select an alternative device to authenticate.

It is recommended that you pair your biometrics device with PingID so you can benefit from FIDO2 biometrics authentication on that device as well in the future.

I am trying to pair my security key while using a virtual machine (VM), and I’m getting a message that it’s already paired

I’ve never paired this security key with my account before.

Solution: The VM may not be recognizing your security key.

  • If you are using a virtual machine (VM), and want to pair your security key, check your VM configuration, and make sure the security key that you are trying to pair is recognized by your VM.