PingID Administration Guide

(Legacy) Configuring FIDO2 biometrics for MFA authentication

To allow users to pair and authenticate using the built-in biometrics on their device for MFA (Multi-factor authentication), enable FIDO2 biometrics in the admin portal.

About this task

Users must enter their username (and password, if required), and are then prompted to authenticate with their device biometrics.

This topic is for authentication using legacy FIDO2 biometrics. To configure passwordless authentication for passkeys using the FIDO2 authentication method, see Configuring passwordless authentication for passkeys.

Steps

  1. Sign on to the admin portal.

  2. Go to Setup → PingID → Configuration.

  3. Go to the Alternate Authentication Methods section, and in the FIDO2 Biometrics row, select the Enable check box. A screen capture of the Alternate Authentication Methods section.

  4. Click Save.

Result

Users can pair and authenticate with gestures defined on their FIDO2 biometrics accessing device. For more information, see Using Windows Hello for authentication, Using Apple Mac Touch ID for authentication, and Using Android biometrics for authentication in the PingID End User Guide.