--- title: Authentication description: Authentication is the act of confirming a user's identity, for example, by providing a set of credentials. component: pingoneaic page_id: pingoneaic:use-cases:preface-pages/authentication canonical_url: https://docs.pingidentity.com/pingoneaic/use-cases/preface-pages/authentication.html keywords: ["Authentication", "Use Case"] --- # Authentication *Authentication* is the act of confirming a user's identity, for example, by providing a set of credentials. In PingOne Advanced Identity Cloud, you primarily use journeys to create your authentication flows; However, you can also set up an external application to act as an identity provider. Since there are many ways to implement authentication based on your needs, use cases vary and can include: | Item | Description | | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Single sign-on (SSO) | SSO lets authenticated users access multiple independent services from a single login session by storing user sessions as [HTTP cookies](../../am-authentication/about-sso.html#http-cookies). You can configure Advanced Identity Cloud to let users use SSO with other applications, or let users of other applications use SSO with Advanced Identity Cloud.This includes creating applications to use popular federation protocols such as SAML and OAuth 2.0/OIDC. | | Multi-factor authentication (MFA) | MFA is an authentication technique that requires users to provide multiple forms of identification when authenticating.MFA provides a more secure method for users to access their accounts with the help of a device *(tooltip: A piece of equipment that can display a one-time password or that supports push notifications using protocols supported by Advanced Identity Cloud MFA.)*. | | Pass-through authentication (PTA) | PTA lets you validate passwords with a remote service. This allows you to retain a remote service for authentication or to migrate passwords to Advanced Identity Cloud as part of authentication (just-in-time synchronization). | The use cases in this section focus on authentication: | Use case | Description | | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [Sign on with MFA using push notifications](../use-case-mfa-with-push.html) | Authenticate a user with MFA by setting up an authenticator app for push notification *(tooltip: A notification from Advanced Identity Cloud sent to an authenticator app on your smartphone that serves as an additional factor when logging in.)* on a smartphone. | | [Replace lost second-factor authentication devices](../use-case-lost-second-factor.html) | Authenticate users who've lost their second-factor authentication device. The journey allows them to sign on using a recovery code instead of their missing device. After authentication, they're prompted to register a new device and create a new passkey, securely restoring their account access. | | [Salesforce as SP (SAML)](../use-case-sso-saml-salesforce-sp.html) | Configure SSO using SAML federated identities *(tooltip: Identity federation provides a means for partner services to establish a shared user identifier in order to share user information across organizational boundaries.)* with Advanced Identity Cloud as the Identity provider (IDP) *(tooltip: An identity provider authenticates a user.)* and Salesforce as the Service provider (SP) *(tooltip: A service provider authorizes the authenticated user to access its resources based on the its own access policies.)*.Specifically, you configure Advanced Identity Cloud as the IDP for Salesforce using SAML. | | [Microsoft Entra ID (Azure AD) as OpenID provider](../use-case-sso-oidc-entra-id.html) | Configure Advanced Identity Cloud to be a relying party (RP), or client, with [Microsoft Entra ID (formerly known as Azure AD)](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) as the OpenID provider (IDP).You also create a journey that lets end users sign on to Advanced Identity Cloud optionally using Microsoft Entra ID. | | [Okta as RP (OIDC)](../use-case-sso-oidc-sp-okta.html) | Configure Okta to be the RP with Advanced Identity Cloud as the IDP. | | [Pass-through auth (PTA) with Microsoft Entra ID (Azure AD)](../use-case-pass-through-auth.html) | Enable pass-through authentication (PTA) to Microsoft Entra ID and let Advanced Identity Cloud capture the Microsoft Entra ID password for future logins. | | [Advanced Identity Cloud as a Temenos identity provider](../use-case-temenos.html) | Configure Temenos to use Advanced Identity Cloud as an OpenID Provider. |