PingID is a cloud-based multi-factor authentication (MFA) service that protects an organization’s network, applications, and data resources while providing secure and seamless experiences for your customers and users.
The PingID connector supports the use of:
- Customer-friendly authentication flows to increase security without adding unnecessary friction to the end user experience.
- User enrollment flows:
  - Automatically: Allow customers to automatically enroll an authentication method for users during the authentication process.
- One-time device authentication: Include device details within an authentication request. Enables a user to authenticate for one session only, without pairing the device.
Setup
Resources
- PingOne documentation:
- PingID documentation
- PingOne DaVinci documentation:
Requirements
To use the connector, you'll need:
- A PingOne license (Try PingOne for free)
- A PingID license.
- A PingOne environment with a configured Worker app.
- A PingID tenant linked to the PingOne environment.
Setting up PingID
Setting up the connector
In DaVinci, add a PingID connector. For help, see Adding a connector.
Connector settings
Environment ID
Client ID
Client Secret
Region
Using the connector in a flow
Enrolling a device
To seamlessly add MFA for your users and increase MFA adoption, use the PingID connector. You can include device enrollment as part of user registration, or as a just-in-time (JIT) registration within an authentication flow.
The user can select an authentication method for MFA from a list of methods defined by the PingID configuration. This list can include traditional methods, such as email and SMS, and more secure and frictionless methods, such as FIDO2 biometrics and the PingID mobile app.
For help, see the Creating an authentication flow guide.
Authenticating users
Use the PingID connector to increase security by adding an authentication factor that requires the user to prove their identity using a trusted device.
For help, see the Creating an authentication flow guide.
PingID flow templates
Ping Identity provides out-of-the-box DaVinci subflows that you can add to a main flow to register authentication devices and to use those devices to authenticate with PingID.
- PingID registration sub-flow
  Use this subflow to register a new authentication method for use with PingID.
  Note: The variable pingIdUserId represents the ID attribute from PingOne and must be provided when triggering the flow.
- PingID authentication sub-flow
  Use this subflow to add PingID as a secondary authentication factor to a main flow, as part of an authentication process.
  Click the Variables node to customize any of the following options:
  - AdminMessage: The administrative message you want to display during authentication.
  - SMSBackup: Use the user's mobile number as a backup authentication method, so they can receive a one-time passcode by SMS, if the user forgets their registered authentication device.
  - phoneBackup: Use the user's mobile number as a backup authentication method, to receive a one-time passcode by voice message, if the user forgets their registered authentication device.
  - emailBackup: Use the user's email address as a backup authentication method, to receive a one-time passcode by email, if the user forgets their registered authentication device.
  - authenticationForApplication: The name of the application the user is attempting to access. This value is presented to the user during authentication.
  - useCode: When set to true, the user can click a Use Code button to enter an OTP, rather than waiting for a push notification to arrive.
  - OTP Fallback: When set to true, users can authenticate with a one-time passcode in the event that the PingID server cannot reach their device, or the push response cannot be completed.
  Note:
  - This flow requires the PingID - registration welcome page flow. The variable pingIDUserId must be provided when triggering the flow.
  - The following PingID connector variables override the equivalent values in the PingID admin console Configuration tab:

    | PingID connector variable | PingID admin console location |
    | --- | --- |
    | SMSBackup, phoneBackup, emailBackup | Alternate Authentication Methods, Backup Authentication (SMS, Voice, or Email checkbox) |
    | OTP Fallback | Mobile App Authentication, One-time Passcode Fallback |
    | useCode | Mobile App Authentication, Direct Passcode Usage |

  - The PingID Devices page is not available when using the PingID Authentication sub-flow. The 'Settings' button is therefore not displayed on the Authentication screen.
  - The PingID connector supports English only. Localization is not currently supported.