PingOne Advanced Identity Cloud

Tenant administrator mandatory 2-step verification FAQ

How is 2-step verification changing?

Ping Identity is making 2-step verification mandatory for all PingOne Advanced Identity Cloud tenant administrators.

The option to skip registration for 2-step verification is deprecated and will be removed a year after the deprecation notification date (Friday, February 3, 2023), following the Advanced Identity Cloud deprecation and end of life policy.

idcloudui tenant administrator set up 2 step verification skip deprecated

After the option to skip registration is removed, any tenant administrator that has not already set up 2-step verification will be forced to do so the next time they sign in. Advanced Identity Cloud guides the tenant administrator through the device registration process, with no assistance needed from Ping Identity support.

Will the change to mandatory 2-step verification affect me?

Yes, this change affects all customers. You have until the deprecation end-of-life date (Tuesday, April 2, 2024) to update your tenants to make 2-step verification mandatory for all tenant administrators.

How do I prepare my tenants to support 2-step verification?

If you have any automation that relies on the skip option to authenticate to Advanced Identity Cloud APIs, it must be updated to use a service account to get an access token.

After 2-step verification is enforced, any automation that depends on the skip option will fail authentication.

How do I enable mandatory 2-step verification for my tenants?

  1. Make sure you have updated any automation that authenticates to Advanced Identity Cloud APIs to use a service account. Learn more in How do I prepare my tenants to support 2-step verification?.

  2. Open a support case with Ping Identity support:

    1. Go to https://support.pingidentity.com.

    2. Click Create a case.

    3. Follow the steps in the case submission wizard, selecting your account and contract and answering questions about your environment.

    4. In the Please answer the following questions to help us understand the issue you are facing page:

      1. Select PingOne Advanced Identity Cloud in the product family field.

      2. Select Configuration in the product field.

      3. Click Next.

    5. In the Tell us about the issue page:

      1. Enter "Enforce 2-step verification for tenant administrators" in the descriptive title field.

      2. Enter a comma-separated list of FQDNs for your sandbox[1], development, UAT[2], staging, and production tenant environments in the issue description field.

      3. Click Next.

    6. Click Submit.

  3. Ping Identity support turns on the enforcement of 2-step verification for your tenant administrators and then asks you to verify that everything is working as expected.