(Legacy) Configuring FIDO2 passwordless authentication
FIDO2 passwordless authentication enables you to identify and authenticate a user based on the FIDO2 protocol without requiring the user to enter their username and password.
About this task
This topic is for passwordless authentication using legacy FIDO2 biometrics. For the FIDO2 authentication method, see Configuring passwordless authentication for passkeys.
To configure FIDO2 passwordless authentication, you must first configure a PingFederate policy for a passwordless authentication flow. You must then enable FIDO2 biometrics in the PingOne for Enterprise admin console.
The process of registering a FIDO2 device is the same for both passwordless and secondary authentication flows. The user is directed to the relevant flow, according to your organization’s configuration. Once registered, the same FIDO2-compliant device can be used to authenticate with either flow. For more information, see Setting up Windows Hello authentication.
This feature requires PingFederate 9.3 or later. For more information, see (Legacy) FIDO2 biometrics authentication requirements and limitations.
Steps
- In the PingFederate administrative console, create a policy for passwordless authentication.
  For more information, see (Legacy) Configuring a PingFederate policy for passwordless authentication with FIDO biometrics.
- Sign on to the PingOne for Enterprise admin console and enable FIDO2 biometrics.
  - Go to Setup → PingID → Configuration.
  - Go to the Alternate Authentication Methods section, and in the FIDO2 Biometrics row, select the Enable check box.
  - Click Save.
Result
The changes are saved, and users can pair and authenticate using the gestures defined on their FIDO2 biometrics accessing device. For more information, see Using Windows Hello for authentication.