Updating the MFA step in your sign-on policy
Follow the steps for either the admin console or the application programming interface (API) to update the multi-factor authentication (MFA) step in your sign-on policy.
- Console
- API
Updating the MFA step in your sign-on policy using the admin console
Steps
- Go to Authentication → MFA.
- Locate and select your MFA policy.
  Result: The Details panel opens.
- Click the Pencil icon to enter edit mode.
- In the Allowed Authentication Methods section, select the Mobile Applications check box.
- Click Application.
- In the Application list, select your native app.
- Optional: Select the Auto Enrollment and Device Authorization check boxes:
  - Auto Enrollment: Allow automatic enrollment of the mobile application to MFA during the authentication flow.
  - Device Authorization: Allow users to securely sign on to the app on a trusted mobile device, without having to actively go through strong authentication, while a seamless MFA takes place behind the scenes.

  If the user has no usable devices, you can configure automatic enrollment as Bypass or Block.
- Click Save.
Next steps
Updating the MFA step in your sign-on policy using the API
About this task
The `applications` parameter is an array of native applications with additional configuration options for automatic enrollment and device authorization.
Steps
- To update the sign-on policy’s MFA action, set the `applications` parameter values using the following `PUT` operation:

```http
PUT https://api.pingone.com/v1/environments/{{envId}}/signOnPolicies/{{policyId}}/actions/{{mfaActionId}}

{
  "priority": 1,
  "type": "MULTI_FACTOR_AUTHENTICATION",
  "sms": { "enabled": true },
  "email": { "enabled": true },
  "applications": [
    {
      "id": "{{nativeAppId}}",
      "autoEnrollment": { "enabled": true, "noDevicesMode": "BYPASS" },
      "deviceAuthorization": { "enabled": true, "extraVerification": "permissive" }
    }
  ]
}
```

If the user has no usable devices, you can configure `noDevicesMode` as `BYPASS` or `BLOCK`. For this configuration to take effect, you must provide a signed `login_hint_token`.

For details, see POST: CREATE Sign-On Policy Action (MFA) in the API reference.
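A pre-flight check for the request above, as an added example that is not PingOne's code: it builds the same action body, rejects `noDevicesMode` values other than the two named here, and lists the settings that let a sign-on finish without an active MFA prompt. The function names, the sample IDs and the bearer-token header are assumptions, and reading `BYPASS` as skipping MFA follows from the option names on this page.

```python
import json
import urllib.request

API_BASE = "https://api.pingone.com/v1"
NO_DEVICES_MODES = {"BYPASS", "BLOCK"}  # the two values this page names


def build_mfa_action(native_app_id, no_devices_mode="BLOCK", priority=1):
    """Build the MFA action body from this page, rejecting unknown noDevicesMode values."""
    if no_devices_mode not in NO_DEVICES_MODES:
        raise ValueError(f"noDevicesMode must be BYPASS or BLOCK, got {no_devices_mode!r}")
    return {
        "priority": priority,
        "type": "MULTI_FACTOR_AUTHENTICATION",
        "sms": {"enabled": True},
        "email": {"enabled": True},
        "applications": [{
            "id": native_app_id,
            "autoEnrollment": {"enabled": True, "noDevicesMode": no_devices_mode},
            "deviceAuthorization": {"enabled": True, "extraVerification": "permissive"},
        }],
    }


def review_mfa_action(action):
    """Return findings for settings that let a sign-on finish without an active MFA prompt."""
    findings = []
    for app in action.get("applications", []):
        app_id = app.get("id", "<missing id>")
        enroll = app.get("autoEnrollment", {})
        if enroll.get("enabled") and enroll.get("noDevicesMode") == "BYPASS":
            findings.append(f"{app_id}: noDevicesMode=BYPASS lets users with no usable device through")
        if app.get("deviceAuthorization", {}).get("enabled"):
            findings.append(f"{app_id}: deviceAuthorization on, trusted devices sign on without a prompt")
    return findings


def build_put_request(env_id, policy_id, action_id, action, access_token):
    """Prepare (but do not send) the PUT; the bearer-token header is an assumption."""
    url = f"{API_BASE}/environments/{env_id}/signOnPolicies/{policy_id}/actions/{action_id}"
    headers = {"Content-Type": "application/json", "Authorization": f"Bearer {access_token}"}
    return urllib.request.Request(url, data=json.dumps(action).encode(), headers=headers, method="PUT")


if __name__ == "__main__":
    body = build_mfa_action("constructed-native-app-id", no_devices_mode="BYPASS")  # constructed ID
    for finding in review_mfa_action(body):
        print("REVIEW:", finding)
    print(build_put_request("ENV_ID", "POLICY_ID", "MFA_ACTION_ID", body, "ACCESS_TOKEN").full_url)
```

Run `review_mfa_action` on the body before sending it, and on the action returned by the API afterwards, so a `BYPASS` setting is a recorded decision rather than a copied default.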
PingOne MFA provides two sample applications for you to quickly get started:
- Developer sample app: This application is a showcase app, aimed at developers who want to explore the PingOne Mobile SDK. It implements all the flows that are available using the PingOne Mobile SDK.
- Authenticator sample app: The authenticator sample app is a mobile app that has the sole function of performing strong authentication. This application is a "white label" authenticator app, aimed at organizations that want to easily publish an authenticator app on the application stores. Its UI and UX are polished for end users as-is, providing the ability to customize colors, icons, and other appearance attributes. All that’s required is compilation with branding and credentials, and uploading it to the app store.

As a quick-start, you can clone the apps from their GitHub locations and follow the instructions in the README files.

To build the apps, you’ll need Android Studio or Xcode (iOS).