PingOne for Customers Plus

Configuring PingOne

Verify that your PingOne environment has the necessary configuration to run the PingOne for Customers Plus solution and enable all the features that you want to use.

About this task

These steps ensure that the PingOne configuration is correct and enable features such as magic links, agreements, and social sign-on.

Steps

  1. Verify that you have an email server configured in PingOne.

    Learn more about email servers in Configuring Trusted Email Addresses.

    1. Go to Settings → Sender.

    2. On the Email tab, select Ping Server.

    3. In the Domain list, select your trusted email domain.

    4. Enter the sender details:

      From Name: Enter the name that appears as the sender’s name in the email message.

      From Address: Select an email address from the list, or click New to open the New Address page and create a new address.

    5. Enter the reply-to details:

      Reply-To Name: Enter the name that appears as the reply-to name in the email message.

      Reply-To Address: Select an email address from the list, or click New to open the New Address page and create a new address.

    6. Click Save.

  2. Copy the new PingOne for Customers Plus notification templates into your PingOne environment.

    Learn more about adding and customizing notification templates in Adding a notification and Editing a notification.

    If you have connected the Ping Library to your PingOne environment as described in the Ping Library Help, you can import the notification templates described in step a using the Apply to PingOne Env option.

    1. Click one of the template links to view the corresponding template in the Ping Library:

    2. Click Copy to copy the template HTML.

    3. Log into PingOne and go to User Experience → Notification Templates.

    4. Click to create a new template.

    5. In the Type list, select General.

    6. In the Name field, enter the template’s name as it is displayed on the Ping Library page.

    7. Click Create.

    8. In the Email section, click the Edit icon in the Subject field and enter a subject corresponding to the template:

      Notification Template Subject

      Account Disabled

      Critical security alert

      Magic Link Authentication

      Magic link authentication

      New Account Created

      Welcome ${firstName} to \{\{Brand Name}}!

      New Device Sign-in Activity

      Security alert

      Password Changed

      Password change

      Suspicious Activity

      Security alert

    9. Click the Save icon to save the subject changes.

    10. Click the Edit icon in the New Email field, then paste the template HTML you copied in step b.

    11. Click the Save icon to save the field changes.

    12. Click the Close icon to close the template.

    13. Repeat steps a-l for each remaining template.

  3. Update the content of the existing New Device Paired notification template.

    1. Open the New Device Paired template entry in the Ping Library.

    2. Click Copy to copy the template HTML.

    3. Log into PingOne and go to User Experience → Notification Templates.

    4. Find the New Device Paired notification template and click ⋮ → Edit.

    5. Click the Edit icon in the New Email field, then paste the template HTML you copied in step b.

    6. Click the Save icon to save the field changes.

    7. Click the Close icon to close the template.

  4. Verify that you have a multi-factor authentication (MFA) policy configured in PingOne.

    Learn more in the MFA documentation.

    1. In PingOne, go to Authentication → MFA.

    2. Click the MFA policy marked as the default and verify that its Allowed Authentication Methods include the authentication methods that you want to use from the following:

      • Email

      • SMS

      • FIDO2

  5. Verify that the default population exists:

    1. Go to Directory → Populations.

    2. In the list of populations, verify that a population is marked as Default.

    3. If no existing population is marked as Default, select a population and go to More options ( ) → Edit Population.

    4. Click Make Default Population.

    5. Click Switch.

    6. Click Save.

  6. Optional: If you plan to use FIDO2, verify that the default Passkeys policy is selected.

    Learn more about FIDO policies in the FIDO documentation.

    1. Go to Authentication → FIDO.

    2. Verify that the Passkeys policy is marked as the default.

    3. If the Passkeys policy is not the default, go to ⋮ → Make Default, then click Save.

  7. Optional: If you plan to use an agreement, verify that you have an agreement configured in PingOne and copy the agreement ID.

    Learn more about configuring agreements in Adding an agreement.

    1. Go to User Experience → Agreements.

    2. Verify that the agreement exists and is enabled.

    3. Click the Expand icon for the agreement.

    4. Copy the Agreement ID.

    The agreement ID is used in a later procedure to configure the flows in DaVinci.

  8. Optional: Verify that you have an external identity provider (IdP) configured in PingOne for each valid third party you want to use as a social sign-on option.

    Learn more about how identity providers are used in PingOne, see Identity Providers.

    1. If you want to use Google as a social sign-on option, verify that Google is configured as an IdP according to the procedure in Adding an identity provider - Google. During configuration, use the following property mappings:

      Google Property PingOne Property

      email address

      username

      email address

      email

      family name

      family name

      given name

      given name

    2. If you want to use Facebook as a social sign-on option, verify that Facebook is configured as an IdP according to the procedure in Adding an identity provider - Facebook. During configuration, use the following property mappings:

      Facebook Property PingOne Property

      email address

      username

      email address

      email

      family name

      family name

      given name

      given name

    3. If you want to use Apple as a social sign-on option, verify that Apple is configured as an IdP according to the procedure in Adding an identity provider - Apple. During configuration, use the following property mappings:

      Apple Property PingOne Property

      email address

      username

      email address

      email