PingID Administration Guide

FIDO2 authentication

PingID supports the use of the FIDO2, FIDO2 biometrics, and FIDO2 security keys for authentication.

PingID supports the use of the FIDO2 protocol, and PingID FIDO2 Server is a FIDO2 certified product.

zfe1618817176692

Users can authenticate with FIDO2 security keys, passkeys, or FIDO2-compatible accessing devices by using a gesture that is enabled by built-in biometrics support on the devices.

PingID’s FIDO2 compliance provides security benefits, including protection against phishing, man-in-the-middle, and replay attacks. This includes the following FIDO2 protocol security measures:

  • Based on public key cryptography

  • Ensures that private keys remain on the FIDO2 device only

  • Does not employ server-side shared secrets, that could otherwise be compromised

  • Isolates services from accounts

  • Does not employ a third party in the FIDO2 protocol

Enhanced FIDO2 authentication support

To benefit from enhanced FIDO2 authentication, you’ll need to integrate a PingID account with a PingOne environment.

FIDO2 integration modes

PingID supports the following FIDO2 integration modes: