PingID Administration Guide

PingID integration for Windows login 2.0 (March 28, 2018)

Enhancements

PingID integration for Windows login for Workforce

Organizations can now further enhance security by extending MFA to end users logging in to Windows desktops and laptops. This includes a new client key that limits end users to authentication actions, and the ability to authenticate with the PingID mobile application even when end-user devices are offline.

FIPS mode support

PingID integration for Windows now supports Windows running in FIPS mode.

Resolved issues

Ticket ID: PID-5277

Description: A case was discovered where a remote user started a session and closed the window before PingID integration for Windows completed the MFA process. As a result, at the next login the local user was presented with the MFA screen at the point where the previous remote user left off. The local user was then unable to end the process, close the window, or progress in any way. This issue has been resolved.

Known issues and limitations

Admin message is not displayed on blocked screen when user is unpaired

When the bypassPolicy of PingID integration for Windows is configured to block user login, the admin message will not be displayed to users who do not have any paired devices and who are attempting to perform offline MFA (when the connection with the PingID server can’t be verified at the time of login).

Username is case sensitive in offline MFA

In offline MFA for RDP using the NLA method, the submitted username is case sensitive.