(Legacy) Configuring FIDO2 passwordless authentication
FIDO2 passwordless authentication enables you to identify and authenticate a user based on the FIDO2 protocol without requiring the user to enter their username and password.
About this task
This topic is for passwordless authentication using legacy FIDO2 biometrics. For FIDO2 authentication method, see Configuring passwordless authentication for passkeys. |
To configure FIDO2 passwordless authentication, you must configure a PingFederate policy for a passwordless authentication flow. FIDO2 biometrics must then be enabled in the administrative console.
The process of registering a FIDO2 device is the same for both passwordless and secondary authentication flows. The user is directed to the relevant flow, according to your organization’s configuration. Once registered, the same FIDO2-compliant device can be used to authenticate with either flow. For more information, see Setting up Windows Hello authentication.
This feature requires PingFederate 9.3 or later. For more information, see (Legacy) FIDO2 biometrics authentication requirements and limitations. |
Steps
-
In the PingFederate administrative console, create a policy for passwordless authentication.
For more information, see (Legacy) Configuring a PingFederate policy for passwordless authentication with FIDO biometrics.
-
Sign on to the PingOne for Enterprise admin console and enable FIDO2 biometrics.
-
Go to Setup → PingID → Configuration.
-
Go to the Alternate Authentication Methods section, and in the FIDO2 Biometrics row, select the Enable check box.
-
Click Save.
-
Result
The changes are saved, and users can pair and authenticate with gestures defined on their FIDO2 biometrics accessing device. For more information, see Using Windows Hello for authentication.