You can use the PingID connector to add MFA (multi-factor authentication) to flows, including passwordless login flows.
PingID is a cloud-based authentication service that allows your users to carry out MFA using a variety of methods, including the PingID mobile app, security keys, and biometrics.
Setup
Resources
- PingID documentation
- PingOne DaVinci documentation
Setting up the connector
In DaVinci, add a PingID connection. For help, see Adding a connector.
After creating the connector, configure it by going to its General tab and pasting in the content of the PingID properties file that you downloaded.
Using the connector in a flow
MFA flows
For examples of using the PingID connector in basic MFA flows, see the following templates in the Flow Library:
- PingID - Basic MFA flow (username/password + MFA)
- PingID - MFA flow + Risk (username/password + risk evaluation, MFA according to risk score generated for user)
In flows of this type, a connector using the Initialize MFA capability should be placed in the flow at the point where you want an MFA challenge to be issued, for example, after the user has entered their password.
MFA in passwordless flows
For examples of using the PingID connector to combine MFA with passwordless login, see the following templates in the Flow Library:
- PingID - FIDO2 Passwordless (FIDO2 username, no password required)
- PingID - FIDO2 Passwordless + Risk (FIDO2 username, no password + risk evaluation, action based on risk score generated for user)
In passwordless login flows, two PingID connectors should be added to the flow:
- A connector using the Initialize Passwordless Authentication capability
- Later in the flow, a second connector using the Finalize Passwordless Authentication capability and using as input the passwordlessContext that was returned by the initialize step. The username must also be provided as input.
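The wiring rule above can be checked mechanically before a flow is published. The following is an added example, not Ping Identity code: it lints a simplified, constructed flow model (not DaVinci's export format), and the node ids, the `<nodeId>.<outputName>` reference style, and the `loginForm` source are assumptions made for illustration.

```python
# Added example: simplified, constructed flow model (NOT DaVinci's export schema).
INIT = "initializePasswordlessAuthentication"
FINAL = "finalizePasswordlessAuthentication"


def check_passwordless_wiring(nodes):
    """Return a list of problems for an ordered list of flow nodes.

    Each node is {"id": str, "capability": str, "inputs": {name: source}},
    where source is a hypothetical "<nodeId>.<outputName>" reference, or "" if unset.
    """
    problems = []
    init_ids = []  # initialize nodes seen so far, in flow order
    finalize_seen = False
    for node in nodes:
        cap = node.get("capability")
        if cap == INIT:
            init_ids.append(node["id"])
        elif cap == FINAL:
            finalize_seen = True
            inputs = node.get("inputs", {})
            if not init_ids:
                problems.append(f"{node['id']}: finalize appears before any initialize step")
            ctx = inputs.get("passwordlessContext", "")
            src_node, _, src_field = ctx.partition(".")
            if not ctx:
                problems.append(f"{node['id']}: passwordlessContext input is not set")
            elif src_node not in init_ids or src_field != "passwordlessContext":
                problems.append(f"{node['id']}: passwordlessContext is not taken from an earlier initialize step")
            if not inputs.get("username"):
                problems.append(f"{node['id']}: username input is not set")
    if init_ids and not finalize_seen:
        problems.append("flow initializes passwordless authentication but never finalizes it")
    return problems


# Constructed sample flows.
GOOD_FLOW = [
    {"id": "n1", "capability": INIT, "inputs": {}},
    {"id": "n2", "capability": FINAL,
     "inputs": {"passwordlessContext": "n1.passwordlessContext", "username": "loginForm.username"}},
]
BAD_FLOW = [
    {"id": "n1", "capability": INIT, "inputs": {}},
    {"id": "n2", "capability": FINAL,
     "inputs": {"passwordlessContext": "n9.passwordlessContext", "username": ""}},
]

if __name__ == "__main__":
    for name, flow in (("good", GOOD_FLOW), ("bad", BAD_FLOW)):
        print(name, check_passwordless_wiring(flow) or "OK")
```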
Capabilities
- Initialize MFA (initializeMfa): Multi-Factor Authentication and on-the-fly registration.
- Initialize Passwordless Authentication (initializePasswordlessAuthentication): Passwordless authentication using FIDO2 supported devices.
- Finalize Passwordless Authentication (finalizePasswordlessAuthentication): Policy evaluation to complete the Passwordless Authentication.
Troubleshooting
If you are having trouble with the PingID connector, you can try the following:
- Verify that when you created and configured the connector on the Connections page, you correctly pasted the contents of your PingID properties file.
- For each connector in the flow, make sure that all of the mandatory inputs have been provided.
- Use the Analytics feature to see where the flow stopped.
- Select the Options icon, and turn on Show Node ID. This will make it easier to identify the source of inputs and outputs.