PingOne Advanced Identity Cloud

Two-factor authentication (2FA) profile attributes

The two-factor authentication (2FA) profile attributes feature adds the following five multivalue (array) strings to existing Alpha and Bravo realm managed users in PingOne Advanced Identity Cloud:

  • deviceProfiles

  • devicePrintProfiles

  • webauthnDeviceProfiles

  • oathDeviceProfiles

  • pushDeviceProfiles

Install 2FA profile attributes feature

You can install this feature using the feature endpoint:

  1. Confirm that the feature is available by calling GET /openidm/feature/am/2fa/profiles:

    {
      "_id": "am/2fa/profiles",
      "installedVersion": null,
      "availableVersions": [
        "1"
      ]
    }
  2. Validate that the feature is installable by calling POST /openidm/feature/am/2fa/profiles?_action=validate:

    {
      "status": 200,
      "success": true,
      "message": "Validate complete."
    }
  3. Install the feature by calling POST /openidm/feature/am/2fa/profiles?_action=install:

    {
      "status": 200,
      "message": "Install complete."
    }
  4. Confirm that the feature is no longer installable by calling POST /openidm/feature/am/2fa/profiles?_action=validate:

    {
      "status": 200,
      "success": false,
      "message": "Validate complete.config/repo.ds: am2faProfiles must not already exist."
    }
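
The four steps above as one idempotent routine. This is an added example, not Ping Identity's code. `install_2fa_profiles`, `http_call` and `FakeTenant` are hypothetical names; bearer-token authentication and a non-null `installedVersion` after installation are assumptions, and the fake tenant is a constructed stand-in that replays the sample responses shown in the steps.

```python
import json
import urllib.request

FEATURE = "/openidm/feature/am/2fa/profiles"

def http_call(base_url, token):
    """Build call(method, path) for a real tenant; the bearer auth scheme is an assumption."""
    def call(method, path):
        req = urllib.request.Request(base_url + path, method=method,
                                     headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return call

def install_2fa_profiles(call):
    """Run steps 1-4; return 'installed' or 'already-installed', raise on any surprise."""
    status = call("GET", FEATURE)                        # step 1: is it available?
    if status.get("installedVersion") is not None:       # assumption: set once installed
        return "already-installed"
    if not status.get("availableVersions"):
        raise RuntimeError("feature is not available on this tenant")
    check = call("POST", FEATURE + "?_action=validate")  # step 2: is it installable?
    if check.get("success") is not True:
        raise RuntimeError("not installable: " + str(check.get("message")))
    result = call("POST", FEATURE + "?_action=install")  # step 3: patch the tenant config
    if result.get("status") != 200:
        raise RuntimeError("install failed: " + json.dumps(result))
    recheck = call("POST", FEATURE + "?_action=validate")  # step 4: must now be refused
    if recheck.get("success") is not False:
        raise RuntimeError("install reported complete but feature still validates as installable")
    return "installed"

class FakeTenant:
    """Constructed offline stand-in replaying the sample responses from the steps above."""
    def __init__(self):
        self.installed, self.calls = False, []

    def __call__(self, method, path):
        self.calls.append((method, path))
        if method == "GET":
            return {"_id": "am/2fa/profiles", "availableVersions": ["1"],
                    "installedVersion": "1" if self.installed else None}
        if path.endswith("_action=validate"):
            if self.installed:
                return {"status": 200, "success": False, "message":
                        "Validate complete.config/repo.ds: am2faProfiles must not already exist."}
            return {"status": 200, "success": True, "message": "Validate complete."}
        self.installed = True
        return {"status": 200, "message": "Install complete."}
```

Against a real tenant, pass `http_call(base_url, token)` instead of `FakeTenant()`, reading the token from the environment or a secret store rather than from the script.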

URI                                                 HTTP Operation   Description
/openidm/feature/am/2fa/profiles                    GET              Returns the status of the two-factor authentication profile attributes feature.
/openidm/feature/am/2fa/profiles?_action=validate   POST             Validates that the two-factor authentication profile attributes feature has been installed.
/openidm/feature/am/2fa/profiles?_action=install    POST             Attempts to patch and install a tenant’s configuration to enable the two-factor authentication profile attributes feature.

Using the multivalue 2FA profile attributes reference table

You might need to work with multivalue 2FA profile attributes in Advanced Identity Cloud for the following reasons:

  • To customize the identity attribute display names shown in the user profile in the UI

  • To reference the identity attributes in scripts and API calls

Multivalue 2FA profile attributes reference table

Display Name             IDM Property             AM Attribute
deviceProfiles           deviceProfiles           deviceProfilesAttrName
devicePrintProfiles      devicePrintProfiles      deviceIdAttrName
webauthnDeviceProfiles   webauthnDeviceProfiles   webauthnAttrName
oathDeviceProfiles       oathDeviceProfiles       oathAttrName
pushDeviceProfiles       pushDeviceProfiles       pushAttrName

Current migration dependent features

Certain Advanced Identity Cloud features require changes to your tenant environments before they can be introduced. In such cases, Ping Identity defines a migration strategy for the feature. Some examples of feature migration strategies are:

  • Updating the format of your static configuration

  • Updating the way your automated applications are configured

  • Restricting the new feature only to tenants built after the feature is introduced

Feature: 2FA profile attributes

Effective date: 2024-12-18[1]

Summary: Ping Identity has introduced five multivalue (array) strings to existing Alpha and Bravo realm managed users in Advanced Identity Cloud:

  • deviceProfiles

  • devicePrintProfiles

  • webauthnDeviceProfiles

  • oathDeviceProfiles

  • pushDeviceProfiles


1. This feature is not available in the regular channel yet. It is included in the rapid channel for sandbox environments.