Configuring the duration of new authentication requests
Configure the amount of time that an authentication request lasts before timing out.Customize the authentication experience to your user’s needs and reduce the number of users that experience a push notification timeout when attempting to authenticate using the PingID mobile app.
About this task
An authentication request consists of the following two parts, both of which are configurable:
-
Device Timeout: the maximum time allowed for a new authentication notification request to reach a user’s mobile device before timeout occurs. The default value is 25 seconds.
-
Total Timeout: the total amount of time a new authentication request has to reach a user’s mobile device before timeout occurs. The difference between the device timeout and total timeout indicates the amount of time the user has to respond upon receiving an authentication request before timeout occurs. The default value is 40 seconds.
You can configure timeout values per service, such as Web SSO, Windows login, API, SSH, or VPN, or set global timeout values that are applied to all services. You can increase the timeout values to extend the amount of time a user has to complete authentication on their mobile device before timeout occurs.
This is useful for users with a slow internet connection, for example. You can also use this feature with the direct passcode usage feature to enable users with slow connections to use a one-time password (OTP) to authenticate immediately, rather than responding through a push notification or waiting for the notification to timeout. For more information, see Configuring direct passcode usage.
Changes to the default timeout configuration are applied per organization to all authentication requests, including retry authentication attempts.
If push notifications are disabled for a user in the PingID mobile app (Swipe Settings → Disable Swipe), the user is directed to the fallback OTP flow immediately, and no timeout period is applied. |
Steps
-
In the admin console, go to Setup → PingID → Configuration.
-
In the New Request Duration section of the Authentication section, select one of the following options:
Choose from:
-
To apply the default timeout values, click Default.
-
To apply custom timeout values globally to all services, click Global. Use the arrows to adjust the values, or enter the values in the Device Timeout and Total Timeout fields.
-
To define timeout values per service, click Advanced. For each service that you want to customize, use the arrows to adjust the values, or enter the values in the Device Timeout and Total Timeout fields.
-
The range of valid timeout values are shown in parentheses next to each service name. If you do not change a value, PingID uses the default value. For each entry, the value in the Total Timeout field must be at least 15 seconds greater than the value in the Device Timeout field. |
-
Click Save.
Result:
The changes are saved and applied to users upon their next authentication attempt.