PingID Administration Guide

Integrating PingID with Windows login (passwordless)

Windows Login - Passwordless makes it possible for users to log-in to their Windows computer without a password, using just the PingID mobile app (version 1.15 or higher) or a FIDO2 security key.

A number of points to take into account before setting up Windows Login - Passwordless:

  • For users to use the passwordless login, they must already have a device that has been paired for PingID.

  • Windows Login - Passwordless includes support for Run as Admin.

  • Windows Login - Passwordless includes support for remote desktop (RDP). If you plan on using RDP, you must install Windows Login - Passwordless on both the accessing client and the remote computer. Learn more in Configuration for use with RDP.

Basic steps for setting up Windows Login - Passwordless

These are the main steps the administrator must carry out to set up the PingID integration with passwordless Windows login:

  1. Create a new environment in PingOne and connect it to your existing PingID account.

  2. Configure identity store provisioners.

  3. Create an "issuance" certificate in PingOne.

  4. Create an authentication policy in PingOne.

  5. Create and configure a passwordless Windows login application in PingOne.

  6. For Entra ID joined devices: Enable certificate-based authentication in Entra ID.

  7. Generate a Key Distribution Center (KDC) certificate (if necessary).

  8. Install the Windows Login - Passwordless integration software on the individual Windows client computers.

Learn more about the core concepts for this integration in Background concepts for the PingID for Windows Login - Passwordless integration.