Configuring pushless and TOTP MFA for a mobile application
A sign-on policy dictates how the user’s identity will be verified when signing on to the system.
In this example, you’ll configure the multi-factor authentication (MFA) step in a sign-on policy for pushless and time-based one-time password (TOTP) authenticator app support. This step is an extension of MFA using a mobile application.
Configuring pushless and TOTP MFA for a mobile application using the admin console
Steps
- Go to Authentication → MFA.
- Locate your MFA policy and click the entry to open the details panel.
- Click the Pencil icon to enter edit mode.
- In Allowed Available Methods → Mobile Applications, click Application.
- In OTP & Push, select one of the following options:
  - OTP: TOTP is enabled and Push is disabled.
  - Push (default): Push is enabled and TOTP is disabled.
  - OTP & Push: TOTP and Push are enabled.
- Click Save.
Configuring pushless and TOTP MFA for a mobile application using the API
About this task
Application developers can use the API operations to configure TOTP and pushless MFA using a mobile app. The applications parameter is an array of native applications, with additional configuration options for TOTP and pushless MFA.
For more information, see Creating a native app and creating a sign-on policy for a TOTP device.
Steps
- To update the sign-on policy’s MFA action, set the applications parameter values using the PUT operation.
- To configure the push and one-time passcode (OTP) options to determine the authentication method, set:
  - push.enabled = true and otp.enabled = true for both Push and TOTP
  - push.enabled = true and otp.enabled = false for Push only
  - push.enabled = false and otp.enabled = true for TOTP only
  If you do not create push credentials, only OTP is available.

Example:
The complete PUT operation should look like the following:
PUT https://api.pingone.com/v1/environments/{{envId}}/signOnPolicies/{{policyId}}/actions/{{mfaActionId}}

{
  "priority": 1,
  "type": "MULTI_FACTOR_AUTHENTICATION",
  "sms": {
    "enabled": true
  },
  "email": {
    "enabled": true
  },
  "applications": [
    {
      "id": "{{nativeAppId}}",
      "autoEnrollment": {
        "enabled": true,
        "noDevicesMode": "BYPASS"
      },
      "deviceAuthorization": {
        "enabled": true,
        "extraVerification": "permissive"
      },
      "push": {
        "enabled": true
      },
      "otp": {
        "enabled": true
      }
    }
  ]
}
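
As an added example (not part of the original page and not PingOne's code), the following Python check reads an MFA action body in the shape shown above and reports which mobile-app methods each application entry can actually offer, applying the note that without push credentials only OTP is available. The app ids, the caller-supplied `apps_with_push_credentials` set, and the finding strings are assumptions made for illustration; the "no usable mobile-app method" finding is an inference from that note.

```python
import json

# Constructed sample in the shape of the page's PUT body; app ids are placeholders.
ACTION = json.loads("""{
  "priority": 1, "type": "MULTI_FACTOR_AUTHENTICATION",
  "applications": [
    {"id": "app-both",      "push": {"enabled": true},  "otp": {"enabled": true}},
    {"id": "app-push-only", "push": {"enabled": true},  "otp": {"enabled": false}},
    {"id": "app-totp-only", "push": {"enabled": false}, "otp": {"enabled": true}}
  ]}""")


def effective_methods(app, has_push_credentials):
    """Methods an entry can actually offer; push needs push credentials too."""
    push = app.get("push", {}).get("enabled")
    otp = app.get("otp", {}).get("enabled")
    if not isinstance(push, bool) or not isinstance(otp, bool):
        raise ValueError(f"{app.get('id')}: set push.enabled and otp.enabled explicitly")
    methods = set()
    if push and has_push_credentials:
        methods.add("PUSH")
    if otp:
        methods.add("TOTP")
    return methods


def audit(action, apps_with_push_credentials):
    """Map each application id to (methods, finding), for review before the PUT."""
    if action.get("type") != "MULTI_FACTOR_AUTHENTICATION":
        raise ValueError("not an MFA action")
    report = {}
    for app in action.get("applications", []):
        methods = effective_methods(app, app["id"] in apps_with_push_credentials)
        if not methods:
            finding = "no usable mobile-app method"
        elif app["push"]["enabled"] and "PUSH" not in methods:
            finding = "push enabled without push credentials: OTP only"
        else:
            finding = "ok"
        report[app["id"]] = (sorted(methods), finding)
    return report


if __name__ == "__main__":
    for app_id, (methods, finding) in audit(ACTION, {"app-both"}).items():
        print(app_id, methods, finding)
```

Running the check on a policy body before sending the PUT catches the Push-only entry that has no push credentials, which would otherwise leave that application with no mobile-app method at sign-on.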