PingID Administration Guide

PingID integration for Windows login 2.4.2 (August 25, 2020)

Enhancements

PingID integration for Windows login through PingFederate

Streamline your organization’s Windows login experience with PingFederate’s cross organization authentication policies. You can now configure PingID credential provider to proxy through PingFederate before it accesses the PingID service, so your users can benefit from PingFederate’s authentication capabilities. Example use cases include: username mapping from Window login to your LDAP directory, creating group based policies (PingFederate and PingID) and integrating on-premise or third-party authentication methods into the authentication flow.

For more information, see Integrating PingID with Windows login.

Enable co-existence (on the same machine) of PingID credential provider and third party credential providers:

We’ve added the following capabilities:

  • Out-of-the-box MFA integration with McAfee Drive Encryption credential provider.

    For more information see the thirdPartyCredentials parameter in Installing the PingID integration for Windows login using CLI.

  • Support for third party credential providers.

    You can now enable one or more credential providers (such as CiscoAnyConnect) to work in parallel with the PingID credential provider (exclude them from being filtered out by PingID integration with Window Login). It is recommended that you check PingID credential provider can operate successfully on a machine that includes all of your third party credential providers, before you roll out PingID Integration for Windows Login.

    For more information see the CPWhitelist parameter in Installing the PingID integration for Windows login using CLI.

Ability to configure HTTP request timeout value:

We’ve added the option to configure a HTTP request timeout value for PingID authentication with Windows login. The value can be in the range of 1sec - 30 sec. The parameter can be defined when installing PingID integration for windows login through the CLI.

We’ve also changed the default HTTP request timeout value from 30 sec to 10 sec.

Note: The value configured for HTTP timeout applies to heartbeat checks, and does not influence the timeout value of the embedded browser requests.

For more information, see the HttpRequestTimeout parameter in Installing the PingID integration for Windows login using CLI.

Resolved issues

Ticket ID Description

PID-9402

Fixed an issue that was causing Windows login to attempt to access a dummy URL following log in to Windows.

PID-9368

Fixed an issue that was causing the PingID credential provider to consider a domain user account to be a Microsoft account in some cases.

PID-10111

Fixed an issue that was causing third party credential providers to be filtered out within a remote desktop connection.

PID-9404/PID-9447

Fixed security issues.

PID-10292

Fixed an issue with the Proxy configuration settings that was causing a problem when registering Security Keys for offline authentication.

PID-10258

Resolved an issue that was causing the service connection timeout to be longer than the default timeout value in certain cases.