--- title: Configuring PingOne for the Financial Services solution description: Learn about how to configure PingOne as part of the Financial Services. component: pingone-solutions page_id: pingone-solutions:financial-services:getting-started/financial-services-configuring-p1 canonical_url: https://docs.pingidentity.com/pingone-solutions/financial-services/getting-started/financial-services-configuring-p1.html revdate: September 6, 2024 section_ids: about-this-task: About this task steps: Steps --- # Configuring PingOne for the Financial Services solution Verify that your PingOne environment has the necessary configuration to run the Financial Services solution and enable all the features that you want to use. ## About this task These steps ensure that the PingOne configuration is correct and enable features such as magic links, agreements, and social sign-on. ## Steps 1. Verify that you have an email server configured in PingOne. Learn more about email servers in [Configuring Trusted Email Addresses](https://docs.pingidentity.com/pingone/settings/p1_configure_trusted_email.html) in the PingOne documentation. 1. Go to **Settings > Sender**. 2. Click the **Pencil** icon. 3. On the **Email** tab, in the **Email Sender** section, click **Ping Server**. 4. In the **Domain** list, select your trusted email domain. 5. Enter the sender details: **From Name**: Enter the name that appears as the sender's name in the email message. **From Address**: Select an email address in the list, or click **New** to open the **New Address** page and create a new address. 6. Enter the reply-to details: **Reply-To Name**: Enter the name that appears as the reply-to name in the email message. **Reply-To Address**: Select an email address in the list, or click **New** to open the **New Address** page and create a new address. 7. Click **Save**. 2. Create or verify the required pre-generated notification templates in your PingOne environment. Learn more about adding and customizing notification templates in [Adding a notification](https://docs.pingidentity.com/pingone/user_experience/p1_add_notification.html) and [Editing a notification](https://docs.pingidentity.com/pingone/user_experience/p1_edit_notification.html) in the PingOne documentation. 1. Click one of the template links to view the corresponding template in the Ping Library: * [Account Disabled](https://library.pingidentity.com/page/ciam-plus-account-disabled-notification-template) * [Magic Link Authentication](https://library.pingidentity.com/page/ciam-plus-magic-link-authentication-notification-template) * [New Device Sign-in Activity](https://library.pingidentity.com/page/ciam-plus-new-device-signin-activity-notification-template) * [Password Changed](https://library.pingidentity.com/page/ciam-plus-password-changed-notification-template) * [Suspicious Activity](https://library.pingidentity.com/page/ciam-plus-suspicious-activity-notification-template) 2. Click **Copy** to copy the template HTML. 3. In PingOne, go to **User Experience > Notification Templates**. 4. Click **[icon: plus, set=fa]**to create a new template. 5. In the **Type** list, select **General**. 6. In the **Name** field, enter the template's name as it is displayed on the Ping Library page. 7. Click **Create**. 8. In the **Email** section, in the **Subject** field, click the **Pencil** icon and enter a subject corresponding to the template: | Notification Template | Subject | | --------------------------- | ------------------------- | | Account Disabled | Critical security alert | | Magic Link Authentication | Magic link authentication | | New Device Sign-in Activity | Security alert | | Password Changed | Password change | | Suspicious Activity | Security alert | 9. Click the **[icon: check, set=fa]**icon to save the subject changes. 10. Click the **Edit** icon in the **New Email** field, then paste the template HTML you copied in step b. 11. Click the **Save** icon to save the field changes. 12. Click the **X** icon to close the template. 13. Repeat steps a - l for each remaining template. 3. Create the **Money Transfer/Payment Request** template: 1. In PingOne, go to **User Experience > Notification Templates**. 2. Click **[icon: plus, set=fa]**to create a new template. 3. In the **Type** list, select **General**. 4. In the **Name** field, enter `Money Transfer/Payment Request`. 5. Click **Create**. 6. In the **Subject** field, configure a subject: 1. Click the **Pencil** icon. 2. Enter the subject `Action Required: ${flowType} Request`. 3. Click the **[icon: check, set=fa]**icon. 7. In the **New Email** field, configure the message body: 1. Click the **Pencil** icon. 2. Enter a body for the new transaction message. For example: ```html
Company Logo

${flowType} Request

A request for ${flowType} of ${currency}${amount} from ${moneyFrom} to ${moneyTo} has been made. If this wasn't you, do not approve this ${flowType} and change your password.

``` 3. Click the **[icon: check, set=fa]**icon. 8. Click **X** to close the template. 4. Update the content of the existing **New Device Paired** notification template: 1. Open the [New Device Paired](https://library.pingidentity.com/page/ciam-plus-new-device-paired-notification-template) template entry in the Ping Library. 2. Click **Copy** to copy the template HTML. 3. In PingOne, go to **User Experience > Notification Templates**. 4. Find the **New Device Paired** notification template and click **⋮ > Edit**. 5. In the **New Email** field, click the **Pencil** icon, then paste the template HTML you copied in step b. 6. Click the **Save** icon to save the field changes. 7. Click the **X** icon to close the template. 5. Verify that you have a multi-factor authentication (MFA) *(tooltip: \
\

An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\

\
)* policy configured in PingOne. Learn more in the PingOne [MFA policies](https://docs.pingidentity.com/pingone/authentication/p1_mfa_policies.html) documentation. 1. In PingOne, go to **Authentication > MFA**. 2. Click the MFA policy marked as the default and verify that its **Allowed Authentication Methods** include the authentication methods that you want to use from the following: * **Email** * **SMS** * **FIDO2** * **Voice** * **TOTP** * **Mobile** 6. Verify that the default population exists: 1. Go to **Directory > Populations**. 2. In the list of populations, verify that a population is marked as **Default**. 3. If no existing population is marked as **Default**, select a population and go to **More options ( [icon: ellipsis-v, set=fa]) > Edit Population**. 4. Click **Make Default Population**. 5. Click **Switch**. 6. Click **Save**. 7. Add the attributes required for the solution. | | | | - | ------------------------------------------------------------------------------------ | | | These attributes must be populated for the Financial Services to function correctly. | 1. Go to **Directory > User Attributes**. 2. Click the [icon: plus, set=fa]icon. 3. Click **Declared**. 4. Click **Next**. 5. Enter the information for one of the following attributes: | Name | Display Name | Description | | ---------------------- | ---------------------- | ------------------------------------------------------------------------- | | `minPaymentLimit` | `minPaymentLimit` | The user's minimum payment size. | | `maxPaymentLimit` | `maxPaymentLimit` | The user's maximum payment size. | | `currency` | `currency` | The currency symbol for the user's locale. | | `userPaymentOnline` | `userPaymentOnline` | Indicates whether online transactions are enabled or disabled. | | `userPaymentThreshold` | `userPaymentThreshold` | A threshold above which approval is required for transfer and payment. | | `userPaymentLimit` | `userPaymentLimit` | A limit above which online payment or transfer requests are denied. | | `checkingBalance` | `checkingBalance` | The user's checking account balance. | | `savingsBalance` | `savingsBalance` | The user's savings account balance. | | `accountVisibility` | `accountVisibility` | Contains user preferences for sharing data with third parties. | | `mortgageAccount` | `mortgageAccount` | Contains user mortgage account data including balance and account number. | | `creditCardAccount` | `creditCardAccount` | Contains user credit card data including balance and account number. | 6. Click **Save**. 7. Repeat steps b - f for each remaining attribute. 8. Populate these attributes with values for each user. Learn more in the [PingOne User Attribute documentation](https://docs.pingidentity.com/pingone/directory/p1_user_attributes.html). 8. (Optional) If you plan to use PingOne Protect and you don't want to use the default risk policy, create a new risk policy according to the [PingOne Protect documentation](https://docs.pingidentity.com/pingone/threat_protection_using_pingone_protect/p1_protect_adding_risk_policy.html). 9. Create a PingOne Authorize policy: 1. Go to **Authorization > Policies**. 2. Click the **Plus** icon and select **Add Policy**. 3. In the **Name** field, enter `Payment checks`. 4. Add a maximum payment rule: 1. Click **+ Add Rule**. 2. In the **Name** field, enter **Deny payments over maximum payment limit**. 3. In the hamburger menu, click **Add "Applies When"**. 4. In the **Applies When** section, click **Comparison**, then enter the parameters `Amount`, `Greater Than`, and `PingOne.User.userPaymentLimit`. 5. In the **Effect** list, select **Deny**. 6. Click **Save Changes**. 5. Add a rule to allow payments between the minimum and the maximum threshold: 1. Click **+ Add Rule**. 2. In the **Name** field, enter `Permit payment more than minimum payment limit and less than threshold limit`. 3. In the hamburger menu, click **Add "Applies When"**. 4. In the **Applies When** section, click **Comparison**, then enter the parameters `Amount`, `Greater Than`, and `PingOne.User.userPaymentThreshold`. 5. In the **Applies When** section, click **Comparison**, then enter the parameters `Amount`, `Less Than or Equal`, and `PingOne.User.userPaymentLimit`. 6. In the **Effect** list, select **Permit**. 7. Click **Save Changes**. 6. Add a maximum payment rule: 1. Click **+ Add Rule**. 2. In the **Name** field, enter `Require approval for payment more than payment threshold limit`. 3. In the hamburger menu, click **Add "Applies When"**. 4. In the **Applies When** section, click **Comparison**, then enter the parameters `Amount`, `Less Than or Equal`, and `PingOne.User.userPaymentThreshold`. 5. In the **Effect** list, select **Permit**. 6. Click **+ Add Statement**. 7. In the **Name** field, enter `Approval required when amount more than threshold limit`. 8. Click **Save Changes**. 10. Add the transaction amount as an attribute: 1. Go to **Authorization > Trust Framework**. 2. Click the plus icon and select **Add Policy**. 3. Click the **Attributes** tab, then click **Create new Attribute**. 4. In the **Name** field, enter `Amount`. 5. Click **Add Resolver** and select the **Request Parameter** resolver type. 6. In the **Type** list, select **Number**. 7. Click **Save Changes**. 11. (Optional) If you plan to use FIDO2, verify that the default **Passkeys** policy is selected. Learn more about FIDO policies in the [PingOne FIDO policies](https://docs.pingidentity.com/pingone/authentication/p1_fido_policies.html) documentation. 1. Go to **Authentication > FIDO**. 2. Verify that the **Passkeys** policy is set as the default. 3. If the **Passkeys** policy is not the default, go to **⋮ > Make Default**, then click **Save**. 12. (Optional) If you plan to use an agreement, verify that you have an agreement configured in PingOne and copy the agreement ID. Learn more about configuring agreements in [Adding an agreement](https://docs.pingidentity.com/pingone/user_experience/p1_add_an_agreement.html) in the PingOne documentation. 1. Go to **User Experience > Agreements**. 2. Verify that the agreement exists and is enabled. 3. Click the agreement to open the details panel. 4. On the **API** tab, copy the **ID**. The agreement ID is used in a later procedure to configure the flows in DaVinci. 13. (Optional) Verify that you have an external identity provider (IdP) configured in PingOne for each valid third party you want to use as a social sign-on option. Learn more about how IdPs are used in PingOne in [Identity Providers](https://docs.pingidentity.com/pingone/integrations/p1_external_idps.html) in the PingOne documentation. 1. If you want to use Google as a social sign-on option, verify that Google is configured as an IdP according to the procedure in [Adding an identity provider - Google](https://docs.pingidentity.com/pingone/integrations/p1_addidentityprovidergoogle.html). During configuration, use the following property mappings: | Google Property | PingOne Property | | --------------- | ---------------- | | `email address` | `username` | | `email address` | `email` | | `family name` | `family name` | | `given name` | `given name` | 2. If you want to use Facebook as a social sign-on option, verify that Facebook is configured as an IdP according to the procedure in [Adding an identity provider - Facebook](https://docs.pingidentity.com/pingone/integrations/p1_addidentityproviderfacebook.html). During configuration, use the following property mappings: | Facebook Property | PingOne Property | | ----------------- | ---------------- | | `email address` | `username` | | `email address` | `email` | | `family name` | `family name` | | `given name` | `given name` | 3. If you want to use Apple as a social sign-on option, verify that Apple is configured as an IdP according to the procedure in [Adding an identity provider - Apple](https://docs.pingidentity.com/pingone/integrations/p1_add_idp_apple_prereqs.html). During configuration, use the following property mappings: | Apple Property | PingOne Property | | --------------- | ---------------- | | `email address` | `username` | | `email address` | `email` |