Allowed authentication methods
Define the authentication methods you want to make available for the policy in the Allowed Authentication Methods section. Only the selected allowed authentication methods are listed as options in the authentication rule Action list.
If a new authentication method is added as a PingID capability and the All Methods check box is not selected in the Allowed Authentication Methods section, you must edit each policy and select the check box of the new authentication method manually to include it in a policy. |
A description of the allowed authentication methods is shown in the following table.
Allowed Authentication Method | Description | ||
---|---|---|---|
All Methods |
Permit the use of all authentication methods currently configured for the organization. When the All methods check box is selected:
If the All methods check box is not selected:
|
||
Authenticator app |
Authentication using an authenticator app, such as Google authenticator, is permitted. |
||
Backup Authentication |
Authentication using a backup authentication method is permitted. This option is useful if a user forgets their device, or it is lost or stolen. The Forgot your device? link only appears if:
|
||
Desktop |
Authentication by a desktop app is permitted. |
||
Authentication by email is permitted. |
|||
FIDO2 Biometrics |
Authentication by a FIDO2 biometrics device is permitted for web-based policies only. |
||
Mobile App Biometrics |
Authentication by a supported biometrics devices is permitted and applied according to the configuration defined in the Admin portal. |
||
Number matching |
Authenticate by number matching is permitted.
|
||
Oath Token |
Authentication using an OATH Token is permitted. |
||
One-time passcode |
Authentication using a one-time passcode (OTP) obtained using PingID mobile app is permitted.
|
||
SMS |
Authentication using an OTP obtained through SMS is permitted. |
||
Security Key |
Authentication using a security key is permitted for web-based policies only. |
||
Swipe |
Authentication using swipe is permitted. |
||
Voice |
Authentication using an OTP obtained through voice message is permitted. |
||
YubiKey |
Authentication using a YubiKey is permitted. |