PingOne

What is the difference between PingID and PingOne MFA?

PingID is used to secure authentication for your organization’s employees and contractors. PingOne MFA is used to secure authentication for your CIAM (Customer Identity and Access Management) use cases.

Workforce identities, and Customer identities are licensed differently, and require separate PingOne environments.

PingID: the workforce solution

Organizations are more likely to need to define more specific criteria for employee and contractor authentication and access to their systems. They are more likely to have more in-depth knowledge of:

  • The authentication methods their employees are using.

  • Information about the devices that their employees typically use to authenticate (and can create policies based on information such as IP reputation, and users authenticating from a new device).

Organizations can benefit from PingID to:

  • Assert control over the type of device and range of authentication methods that their employees can use.

  • Choose to limit use of less secure authentication methods, such as SMS and voice authentication.

  • Use PingID policy to provide more frictionless authentication experiences for their trusted users, and require a step up to MFA or even block users authenticating in more risky scenarios.

  • Benefit from a range of PingID integrations, including Windows login, and Windows login passwordless, Mac login, RADIUS Gateway (VPN), and SSH.

PingOne MFA - considering the customer

Your organization’s customers or consumers are more likely to:

  • Join from a wider and less predictable set of locations throughout the world.

  • Use a wider set of devices and authentication methods.

  • Tolerate less friction during enrollment and authentication.

PingOne MFA allows you to provide a wider range of device types to accommodate your customer’s demographics and remove friction while maintaining security. PingOne MFA also allows you to provide strong authentication as part of your mobile application using the PingOne MFA mobile SDK.

Supported authentication methods

The following authentication methods are supported:

  • PingOne MFA and PingID: FIDO2, Authenticator app, Email, SMS, and Voice authentication.

  • PingID only: PingID mobile application, PingID desktop application, YubiKey OTP, OATH Token.

  • PingOne MFA only: Mobile application integrated with the PingOne MFA SDK, WhatsApp.

Differences in policy usage

PingID is being transitioned to PingOne. Most PingID features are now available in PingOne. However to maintain a full set of PingID services during the transitional period, some features are still managed in the legacy PingID admin portal. During this transitional period, the following differences exist between PingOne MFA and PingID policies:

  • Authentication policy: A default PingOne Authentication policy is created and it automatically includes the default MFA policy. The configuration options differ slightly for PingOne MFA and PingID. PingOne MFA also supports the use of multiple Authentication policies.

  • MFA policy: PingOne MFA supports the use of multiple MFA policies. PingID supports the use of the default MFA policy only.

  • FIDO2 policy: PingOne MFA supports the use of multiple FIDO2 policies. PingID supports the use of the default FIDO2 policy only.

  • PingID authentication policy can be configured using the PingID web portal for PingID accounts only.