PingOne

Enrolling a user authentication device

PingOne MFA authenticates a user by sending a notification to the user’s authentication device and then receiving a corresponding response within a specified amount of time.

The permitted notification methods are configured in sign-on policies. For PingOne MFA to send notifications to a user, the user must have at least one authentication device associated with their user profile (also known as device pairing).

In a multi-factor authentication (MFA) environment, the default sign-on policy is a single step of MFA. A user who wants to sign on to the MyAccount UI must have an MFA device in advance, except for the admin, who can sign on to MyAccount from the admin console.

A user needs at least one associated device for PingOne MFA. In this example, your user’s authentication device is an email address that receives a one-time passcode (OTP) each time PingOne MFA is triggered.

  • Console

  • API

Enrolling a user authentication device using the admin console

Steps

  1. In a browser window, go to the MyAccount UI at https://apps.pingone.com/<envId>/myaccount/#mfa.

  2. At the sign-on prompt, enter the username and password.

    For the purpose of this example getting started flow, you can use your admin account credentials.

  3. At the top of the page, click Authentication.

  4. Click Add Method.

  5. Click Email.

  6. Enter the email address that will receive OTP email notifications for PingOne MFA.

    Result:

    An OTP email notification is sent to the email address.

  7. Click Next.

  8. To complete pairing the email address as an MFA authentication device with the user account, on the Email Pairing page, enter the OTP from the email notification.

  9. Click Next.

    Result:

    The Your Authentication Methods list on the Authentication page shows the email address that you paired.

    For more information and additional configuration options, see Managing your PingOne user profile.

Next steps

Enrolling a user authentication device using the API

About this task

Application developers can use the API operations to enroll a user’s authentication device.

Steps

Next steps