PingOne for Customers Plus

Best Practices

These guidelines help you make effective use of the PingOne for Customers Plus solution in your environment.

Select a user journey that fits your users

The PingOne for Customers Plus solution includes two user journey options: offer MFA or require MFA.

Offer MFA is appropriate for organizations who want to introduce multi-factor authentication (MFA) to users during registration as an option for additional security. Users who already have a registered MFA device should have their MFA attribute enabled in their user profile in PingOne. Use this option if you are planning on or currently issuing MFA to your users.

Require MFA is appropriate for organizations looking to enhance security during the registration and authentication event. Use this option if you are experiencing a high volume of password breaches or credential attacks.

Select an appropriate flow timeout

When you’re configuring your DaVinci flows, you can set a timeout value for the flow as a whole. Because the user’s account could be updated later by anyone with access to the device, a flow with a very long or indefinite timeout could be a security risk. Set a value that minimizes that risk.

Clone your flows before using or customizing them

Flows with the original name can be updated by PingOne when we publish flow updates. These updates are not applied automatically, but they add a new latest version to each flow.

By cloning the flows before you apply any customization or use them with customers, you prevent any of your changes or customizations from being accidentally overwritten.

Use caution when customizing flows

If you want to customize the flows in the PingOne for Customers Plus solution, do so carefully.

Clone the flows before making customizations so that:

  • You can revert to the earlier versions if you encounter breaking changes.

  • If you download an updated version of the solution, you don’t overwrite your customizations.

Test your customizations in a test environment before importing them into your production environment. Because any additional nodes or flows you add are not part of the standard solution, you must test them to make sure that they’re working as you intend.