PingID Administration Guide

Updating a PingID account to use PingOne FIDO2 policy for Passkey support

If you have a PingID account that has been integrated with PingOne you can update it to support the FIDO2 authentication method. This allows you to benefit from the full range of options in the enhanced FIDO2 policy.

Before you begin

The FIDO2 authentication method is only available for PingID accounts that have been integrated into a PingOne environment.

About this task

The FIDO2 authentication method replaces the deprecated FIDO biometrics and security key authentication methods and offers expanded configuration options and support for a wide range of FIDO authentication devices, including cloud-synced FIDO devices.

If you have already integrated your PingID account with a PingOne environment, update it to use the enhanced FIDO2 policy.

  • Updating to FIDO2 permanently inactivates the legacy FIDO2 biometrics and Security Key authentication methods and cannot be undone. Note that at this stage, the FIDO2 authentication method cannot be used with DaVinci-based flows.

  • After updating a PingID account to use the FIDO2 authentication method it is no longer possible to unlink the PingID account from the PingOne environment. Deleting the PingOne environment will also delete the possible to unlink the PingID account.

Steps

  1. Sign on to the Admin portal and go to Setup → PingID → Configuration

    Result:

    After your PingID account is successfully integrated into a PingOne environment in the Alternate Authentication Methods section, you’ll see a new entry for the FIDO2 authentication method.

  2. In the Alternate Authentication Methods section, in the FIDO2 row, make sure the Enable and Pairing check boxes are selected.

    If you previously enabled Security Key or FIDO2 Biometrics authentication methods, those options are greyed out. These authentication options are removed and become legacy when you save the configuration changes.

    Screen Capture of the Alternate Authentication Methods section of the Configuration tab, showing the FIDO2 authentication method check boxes selected, and the Security Key and FIDO2 Biometrics check boxes greyed out
  3. Click Save. You’ll see the following warning message:

    Screen capture of a warning message that states

Result

All Security Key or FIDO2 Biometrics authentication methods and associated configurations are upgraded to the FIDO2 authentication method.

In PingOne, the FIDO2 policy shows the full range of options available, as well as the default Passkey and Security Key policies. To learn more about FIDO2 policy configuration, see Creating a FIDO policy in the PingOne Cloud Platform documentation.