FIDO2 authentication
PingID supports the use of FIDO2, FIDO2 biometrics, and FIDO2 security keys for authentication.
PingID supports the use of the FIDO2 protocol, and PingID FIDO2 Server is a FIDO2 certified product.
Users can authenticate with FIDO2 security keys, passkeys, or FIDO2-compatible accessing devices by using a gesture that is enabled by built-in biometrics support on the devices.
PingID’s FIDO2 compliance provides security benefits, including protection against phishing, man-in-the-middle, and replay attacks. This includes the following FIDO2 protocol security measures:
- Based on public key cryptography
- Ensures that private keys remain on the FIDO2 device only
- Does not employ server-side shared secrets that could otherwise be compromised
- Isolates services from accounts
- Does not employ a third party in the FIDO2 protocol
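The following added example (not PingID code or part of the original page) shows the relying-party checks on a WebAuthn assertion that give FIDO2 its replay and phishing resistance: the challenge, origin, and RP ID hash bindings. The origin `https://login.example.com`, the RP ID `example.com`, the function names, and the sample assertion are all constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    """WebAuthn encodes the challenge as unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_failures(client_data_json, authenticator_data,
                     issued_challenge, expected_origin, rp_id):
    """Return the names of failed binding checks (empty list = all passed).

    Signature verification over authenticatorData || SHA-256(clientDataJSON)
    with the registered public key is a separate step and is not shown here.
    """
    failed = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    # Replay: the challenge must be the single-use value issued for this session.
    got = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        failed.append("challenge")
    # Phishing: the browser, not the page, records the origin it was talking to.
    if client_data.get("origin") != expected_origin:
        failed.append("origin")
    # Service isolation: first 32 bytes are SHA-256 of the RP ID the key is scoped to.
    if not hmac.compare_digest(authenticator_data[:32],
                               hashlib.sha256(rp_id.encode()).digest()):
        failed.append("rpIdHash")
    # Flags byte follows the hash; bit 0 is "user present".
    if len(authenticator_data) < 37 or not authenticator_data[32] & 0x01:
        failed.append("userPresent")
    return failed

def constructed_assertion(challenge, origin, rp_id):
    """Build sample (unsigned) assertion fields as a browser and authenticator would."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                      "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return cdj, auth_data

CHALLENGE = bytes(range(32))  # constructed; a real server uses a fresh random value
ORIGIN, RP_ID = "https://login.example.com", "example.com"  # hypothetical RP

print(binding_failures(*constructed_assertion(CHALLENGE, ORIGIN, RP_ID),
                       CHALLENGE, ORIGIN, RP_ID))
```

An assertion produced on a lookalike domain fails both the origin and RP ID hash checks, and one captured from an earlier session fails the challenge check.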
Enhanced FIDO2 authentication support
To benefit from enhanced FIDO2 authentication, you’ll need to integrate a PingID account with a PingOne environment.
- Create a new PingID account that is managed by a PingOne environment: the enhanced FIDO2 authentication method is enabled by default. Legacy FIDO2 biometrics and Security Key authentication methods are not available. Learn more: Creating a new PingID environment in PingOne.
- Update an existing PingID account that is integrated with a new PingOne environment to benefit from the enhanced FIDO2 authentication method. For more information, see: Updating a PingID account to use PingOne FIDO2 policy for Passkey support.
FIDO2 integration modes
PingID supports the following FIDO2 integration modes:
- PingID’s out-of-the-box solution, using the PingID UI and the pingone.com domain. For more information, see:
- API-based, using a custom UI that is not hosted by PingID, and a custom domain. For more information, see:
- Hybrid mode, also API-based, using a custom UI for registration that is not hosted by PingID, and PingID’s default UI for authentication. This mode leverages the pingone.com domain. For more information, see PPM request for FIDO authentication with a hybrid UI.