Managing authentication methods
From your PingOne user profile you can add, rename, or delete one or more authentication methods. You can also define your default authentication method.
Before you begin
To enable users with more than one authentication method to define a default multi-factor authentication (MFA) method, you must enable the User-selected default
option. See Configuring MFA settings.
A user might not be able to use their default device for various reasons, such as:
|
About this task
You can add different devices, such as a security key or phone biometrics for authentication. You can also add multiple authentication methods that use the same physical device. For example, you could set up MFA using SMS, voice, FIDO2 biometrics, and an authenticator app on a single mobile device. The devices available are defined by your organization.
You should add at least two MFA methods. The methods listed are defined by your administrator, and might vary between environments. |
Steps
-
Go to your profile, click the My Profile tab, and then click the Authentication tab.
-
Click Add Method.
Result:
The Select Method window opens, listing the methods available for you to add.
-
Select the authentication method you want to add and follow the instructions to pair that authentication method:
-
Authenticator app: Use a third-party authenticator application, such as Google Authenticator. Open the authenticator application and scan the QR code or enter the passcode. Click Next. Enter the passcode from the authenticator application to complete the device pairing.
-
Text message: Use a text message (SMS) with a one-time passcode (OTP) to authenticate. Enter the phone number and click Next. Enter the passcode you received to complete the device pairing.
-
Voice: Receive a voice call with a one-time passcode to authenticate. Enter the phone number and click Next. Enter the passcode you received to complete the device pairing.
-
Email: Use an email message with a one-time passcode to authenticate. Enter an email address and click Next. Enter the passcode you received to complete the device pairing.
-
Mobile: Use an application on your mobile device to authenticate. Select the mobile app for pairing your mobile device. Scan or enter the pairing key in the mobile app.
-
FIDO2 biometrics: Use FIDO2 biometrics on compatible devices to authenticate. On your device, sign on or enter your password to complete pairing.
-
Security key: Use a FIDO2 or U2F security key to authenticate. You will be prompted to authenticate with the security key.
Result:
The authentication method is listed on the Authentication tab in the Your Authentication Methods section. Repeat this step to add another authentication method, if required.
-
-
After adding an authentication method, you can optionally do the following:
Option Description Set a default authentication method
If you added more than one MFA method, to define your default method, click the hamburger menu next to the relevant MFA method and then clickSet As Default.
The devices available for authentication depend on your company policy, therefore your default device might not always be available for authentication.
Rename an authentication method
Click the hamburger menu next to the authentication method you want to set as default, and then click Edit Name. Enter a meaningful name for the authentication method, and click the checkmark. Names of up to 100 characters are supported.
Remove an authentication method
Click the hamburger menu next to the authentication method you want to remove, and then click Remove.
Ensure that you leave at least one authentication method. If you remove all authentication methods, you might lock yourself out of the application.