PingID Administration Guide

PingID authentication attributes

The following table lists the PingID attributes that can be used to evaluate PingFederate policy upon successful authentication with PingID.

These attributes can be applied to a range of use cases. For example, they can be used to verify authentication assurance levels.

If the Type is Bypass or Policy Approve, all other authenticating device fields will not return a value.

Attribute

Description

Authenticating Device: Device used to authenticate, regardless of PingID policy

pingid.authentication.type

Authentication action type. Options include:

  • POLICY_APPROVE: User automatically approved

No authentication action is required by the user. * MOBILE_APP_BIOMETRICS: PingID Mobile App biometrics, e.g., FaceID, or Fingerprint * MOBILE_APP_SWIPE: PingID Mobile app swipe authentication * MOBILE_APP_OTP: PingID Mobile app one-time passcode (OTP) * SMS * VOICE * DESKTOP_OTP: PingID Desktop app OTP * YUBIKEY * SECURITY_KEY * FIDO2_BIOMETRICS * OATH_TOKEN * AUTHENTICATOR_APP: External authentication app, such as Google authenticator * BYPASS: Authentication bypassed

pingid.authentication.authenticating.device.id

The unique ID of the device from which the user is authenticating.

pingid.authentication.authenticating.device.longitude

Longitude of the authenticating device from which the user is authenticating. Relevant for online authentication only.

pingid.authentication.authenticating.device.latitude

Latitude of the authenticating device from which the user is authenticating. Relevant for online authentication only.

pingid.authentication.authenticating.device.altitude

Altitude of the authenticating device from which the user is authenticating. Relevant for online authentication only.

pingid.authentication.authenticating.device.accuracy

GPS location accuracy of the authenticating device from which the user is authenticating. Relevant for online authentication only.

pingid.authentication.authenticating.device.ip

IP address of the device from which the user is authenticating.

pingid.authentication.authenticating.device.app.version

App version running on the authenticating device. Relevant for devices running on PingID mobile app.

pingid.authentication.authenticating.device.model

Model of the device from which the user is authenticating. Relevant for authenticating devices running PingID mobile app.

pingid.authentication.authenticating.device.os.version

OS version installed on the device with which the user is authenticating. Relevant for authenticating devices running PingID mobile app.

pingid.authentication.authenticating.device.is.rooted

Indicates whether the device is rooted or jailbroken. Relevant for authentication devices running PingID mobile app.

pingid.authentication.authenticating.device.is.locked

Indicates whether the authenticating device has a lock screen configured that requires a passcode. Relevant for authenticating devices running PingID mobile app.

pingid.authentication.authenticating.device.is.mdm

Indicates whether mobile device management (MDM) is installed on the authenticating device.

Accessing device: Device used to access the user’s account or app

pingid.authentication.accessing.device.ip

IP address of the accessing device.

pingid.authentication.accessing.device.country

Country in which the accessing device from which the user is authenticating is located. Based on the IP address of the accessing device.

pingid.authentication.accessing.device.ip.reputation

IP reputation of the accessing device from which the user is authenticating. Possible values Low, Medium, or High, or Null, according to the values defined in the IP reputation rule in PingID Policy.