PingOne MFA is a cloud-based multi-factor authentication (MFA) service that protects an organization’s network, applications, and data resources while providing secure and seamless experiences for your customers and users.
The PingOne MFA connector supports the use of:
- Customer-friendly authentication flows to increase security without adding unnecessary friction to the end user experience
- User enrollment flows:
- Automatically: Allow customers to automatically enroll an authentication method for users during different operations, such as registering the user email or phone number as part of a user provisioning
- Manually: Allow users to manage their devices and add authentication methods during enrollment
- One-time device authentication: Include device details within an authentication request. Enables a user to authenticate for one session only, without pairing the device.
- Usernameless and passwordless sign-on and authentication flows using appropriate, secure authentication methods, such as FIDO biometrics
Setup
Resources
- PingOne documentation:
- PingOneDaVinci documentation:
Requirements
To use the connector, you'll need:
- A PingOne MFA license (Try PingOne for free)
- A PingOne MFA environment with a configured Worker app
- A multi-factor authentication (MFA) policy. See MFA policies.
Setting up PingOne MFA
Setting up your PingOne MFA environment
Follow the instructions in Getting started with PingOne MFA.
Setting up the connector
In DaVinci, add a PingOne MFA connection. For help, see Adding a connector.
Connector settings
Environment ID
Policy ID
Client ID
Client Secret
Region
Using the connector in a flow
Enrolling a device
To enable users and increase MFA adoption, use the PingOne MFA connector to include a device enrollment as part of user registration or as a just-in-time (JIT) registration within an authentication flow.
The user can select an authentication method for MFA from a list of methods defined by your organization's policy. This list can include traditional methods, such as email and SMS, and more secure and frictionless methods, such as FIDO2 biometrics and a native mobile SDK.
You can define device enrollment as either mandatory or optional.
You can choose to enable MFA automatically when device enrollment completes so that the next time the user authenticates, the device is available for them to use to authenticate.
Search the Flow Library for the following out-of-the-box PingOne MFA device enrollment templates:
- PingOne - Registration and
MFA EnrollmentNote:
This flow must include the PingOne - Device Registration sub-flow to provide on-the-fly device enrollment for users during registration.
- PingOne - Registration and
MFA Auto-Enrollment
In this flow, the Admin selects which devices to enroll for the user.
For help, see the Creating an authentication flow guide.
Authenticating users
Use the PingOne MFA connector to increase security by adding an authentication factor that requires the user to prove their identity using a trusted device.
Search the Flow Library for the following out-of-the-box PingOne MFA authentication templates:
- PingOne - Sign on and
MFANote:
This flow must include the PingOne - Device Registration sub-flow to provide on-the-fly device enrollment for users during registration.
- PingOne - Sign on and
Adaptive MFA Note:
This flow must include the following sub-flows:
- PingOne - Device Registration sub-flow to provide on-the-fly enrollment for users that have not yet registered a device
- PingOne - MFA Authentication sub-flow
- PingOne - One-time use device
authentication
Indicate whether a paired device is used, or specify a device explicitly for one-time authentication.
For help, see the Creating an authentication flow guide.
Configuring passwordless authentication
You can use the PingOne MFA connector to design the following types of passwordless authentication flows:
- PingOne Usernameless sign-on
with biometrics
User authenticates by scanning their compatible FIDO authenticator, without requiring a username or password.
- PingOne - Passwordless
authentication
User enters a username and uses any compatible device to authenticate. If the user device is not yet registered, they must verify the device using a one-time passcode (OTP) sent to the email or mobile number (using one-time use device authentication). After successfully verifying the device they can register it for passwordess authentication.
- PingOne - Passwordless
sign-on with biometrics
User enters their username and either provides their existing password, or uses their device biometrics to authenticate.
-
PingOne - QR code passwordless sign-on
User signs on by scanning a QR code using a mobile application, with no need to input any other information.
Note: This flow requires a custom mobile app that uses the PingOne MFA mobile SDK.
Capabilities
- Read Device
-
Read information for a device associated with a user.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Device ID
textField
-
The unique identifier for the MFA device.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
deviceId
string
required
minLength: 0
maxLength: 100
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
headers
object
-
statusCode
integer
-
device
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
rawResponse
-
output
- Read All Devices
-
Read information for all user devices
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Filters
toggleSwitch
-
Filter devices by activation status and device type.
-
Status
dropDown
-
non-active devices are not usable during an authentication.
- ALL (Default)
- ACTIVE
- ACTIVATION REQUIRED
-
Device Types
dropDownMultiSelect
-
- SMS
- Voice
- Authenticator App
- Mobile Applications
- Fido2 Biometrics
- Security Key
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
setFilterFlag
boolean
-
statusFilter
string
-
deviceTypes
array
uniqueItems: true
-
items
array
-
-
type
string
-
maxLength
maxLength: 255
-
type
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
applications
array
-
items
array
-
-
type
object
- properties
-
type
-
allowedtypes
array
-
items
array
-
-
type
string
-
type
-
order
array
-
properties
array
-
-
id
string
-
id
-
mfaSettings
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
pairing
object
-
properties
object
-
-
maxAllowedDevices
integer
-
maxAllowedDevices
-
environment
-
mfaPolicy
object
-
properties
object
-
-
authentication
object
-
properties
object
-
-
deviceSelection
string
-
deviceSelection
-
authentication
-
devices
-
size
number
-
_embedded
-
headers
object
-
statusCode
integer
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
allowedtypes
array
-
items
array
-
-
type
string
-
type
-
applications
array
-
items
array
-
-
type
object
- properties
-
type
-
mfaSettings
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
pairing
object
-
properties
object
-
-
maxAllowedDevices
integer
-
maxAllowedDevices
-
environment
-
mfaPolicy
object
-
properties
object
-
-
authentication
object
-
properties
object
-
-
deviceSelection
string
-
deviceSelection
-
authentication
-
order
array
-
properties
array
-
-
id
string
-
id
-
rawResponse
-
output
- Create Device
-
Create devices to use during authentication.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Device Type
dropDown
-
The type of device used during authentication.
- SMS
- Voice
- Authenticator App
- Mobile Applications
- Fido2 Biometrics
- Security Key
- Enter Device Type
-
Enter Device Type
textField
-
Activation Status
dropDown
-
The current status of the device. If a device has an ACTIVATION_REQUIRED status, activate it before you add it as a trusted device.
- ACTIVE
- ACTIVATION REQUIRED
-
Phone Number
textField
-
The phone number to associate with the device. Applies only to devices that use SMS and Voice SMS messages during authentication.
-
Extension
textField
-
The phone extension for this device. It can include digits, comma, # and *. If there is more than one extension then a comma should separate the extension and the nested extension.
-
Email
textField
-
The email address to associate with the device. Applies only to devices that use email during authentication.
-
Device Nickname
textField
-
A nickname that identifies this device. The device nickname is limited to 100 characters.
-
Relying Party ID
textField
-
If you define a Relying Party ID (RPID) here, it overrides the RPID defined in the FIDO policy in the PingOne admin console.
-
Relying Party Name
textField
-
A string that specifies the relying party's human-readable display name.
-
Notification Policy
dropDown
-
A unique identifier for the policy.
- Enter Notification Policy ID
-
Notification Policy ID
textField
-
Notification Name
dropDown
-
The name of a custom notification defined in PingOne. If the form you want is not listed, select Enter Custom Value.
- Enter Custom Value
-
Custom Value
textField
-
You can enter a custom template name, or leave blank to use the default template. You can also enter a parameter from a previous connector, or any text.
-
Notification Locale
textField
-
Add a locale to allow localized notifications for end-users. ISO Language Codes are supported.
-
Notification Variables
variableInputList
-
If Custom variables are defined in the notification body, map them here.
-
User Agent
textField
-
Browser user agent
-
Test Mode
textField
-
Create device for test purposes only
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
deviceType
string
required
-
customDeviceType
null/string/object
-
status
string
required
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
rpId
string
-
Relying Party ID
-
rpName
string
-
Relying Party Name
-
notificationPolicyId
string
minLength: 0
maxLength: 100
-
customNotificationPolicyId
null/string/object
-
templateVariant
null/string
-
customTemplateVariant
null/string/object
-
templateLocale
null/string
-
templateVariables
array
-
items
array
-
-
type
object
- properties
-
type
-
userAgent
string
-
User Agent
-
createDeviceTestMode
string
-
Create Test Device
-
oneTimeDeviceTestMode
string
-
Create Test Device
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
test
object
-
properties
object
-
-
otp
string
-
otp
-
id
-
headers
object
-
statusCode
integer
-
device
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
rawResponse
-
output
- Activate Device
-
Activate devices for the first time.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Device ID
textField
-
The unique identifier for the MFA device.
-
One-time Passcode
textField
-
The one-time passcode (OTP) sent to the user.
-
Attestation
textField
-
A read-only string that specifies the public key and signed challenge used to complete registration and device activation. The attestation is generated by the browser as a response to a specific user action, such as a fingerprint scan or tap on a security key.
-
Origin
textField
-
The address of the server sending the initial registration challenge to the device.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
deviceId
string
required
minLength: 0
maxLength: 100
-
otp
string
-
Passcode
-
attestation
string
-
WebAuthn assertion
-
origin
string
-
Origin
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
headers
object
-
statusCode
integer
-
device
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
rawResponse
-
output
- Delete Device
-
Delete devices.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Device ID
textField
-
The unique identifier for the MFA device.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
deviceId
string
required
minLength: 0
maxLength: 100
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Update Device Nickname
-
Update device nicknames.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Device ID
textField
-
The unique identifier for the MFA device.
-
Device Nickname
textField
-
A nickname that identifies this device. The device nickname is limited to 100 characters.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
deviceId
string
required
minLength: 0
maxLength: 100
-
nickname
string
required
-
Device nickname
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
nickname
string
-
rawResponse
-
output
- Read MFA Status
-
Indicates whether MFA is enabled for the user.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
mfaEnabled
boolean
-
rawResponse
-
output
- Update MFA Status
-
Enables or disables MFA for the user.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Enable User MFA
toggleSwitch
-
Enable or disable user MFA.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
mfaEnabled
boolean
required
-
MFA Enable Status Of User
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
mfaEnabled
boolean
-
rawResponse
-
output
- Read Device Authentication Policy
-
Read PingOne MFA device authentication policies.
Details- Details
-
- Properties
-
-
Device Authentication Policy
dropDown
-
A unique identifier for the policy.
- Enter Device Authentication Policy ID
-
Device Authentication Policy ID
textField
required
-
Device Authentication Policy
- Input Schema
-
-
default
object
-
-
deviceAuthenticationPolicyId
string
required
minLength: 0
maxLength: 100
-
customDeviceAuthenticationPolicyId
null/string/object
-
deviceAuthenticationPolicyId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
name
string
-
forSignOnPolicy
boolean
-
default
boolean
-
sms
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
failure
-
enabled
-
email
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
failure
-
enabled
-
voice
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
failure
-
enabled
-
mobile
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
window
object
-
properties
object
-
-
stepSize
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
stepSize
-
failure
-
enabled
-
totp
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
failure
-
enabled
-
platform
object
-
properties
object
-
-
enabled
boolean
-
enabled
-
securityKey
object
-
properties
object
-
-
enabled
boolean
-
enabled
-
createdAt
string
-
updatedAt
string
-
id
-
headers
object
-
statusCode
integer
-
deviceAuthenticationPolicy
object
-
properties
object
-
-
id
string
-
name
string
-
forSignOnPolicy
boolean
-
default
boolean
-
sms
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
failure
-
enabled
-
email
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
failure
-
enabled
-
voice
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
failure
-
enabled
-
mobile
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
window
object
-
properties
object
-
-
stepSize
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
stepSize
-
failure
-
enabled
-
totp
object
-
properties
object
-
-
enabled
boolean
-
otp
object
-
properties
object
-
-
failure
object
-
properties
object
-
-
count
integer
-
coolDown
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
count
-
failure
-
enabled
-
platform
object
-
properties
object
-
-
enabled
boolean
-
enabled
-
securityKey
object
-
properties
object
-
-
enabled
boolean
-
enabled
-
createdAt
string
-
updatedAt
string
-
id
-
rawResponse
-
output
- Create Device Authentication
-
Create authentication experiences with virtual or physical devices.
Details- Details
-
- Properties
-
-
User ID Not Required
toggleSwitch
-
Indicates whether the user id is required or obtained from the authentication method used.
-
User ID
textField
-
The unique identifier for the user.
-
MFA Policy ID
textField
-
The ID of your PingOne MFA device authentication policy.
-
User Agent
textField
-
Browser user agent
-
Device Details
dropDown
-
Indicates whether to use the user's default authentication method or to provide a specific authentication method.
- ID
- One-Time Device
-
Device ID
textField
-
The selected device id
-
Device Type
textField
-
The one-time device type
-
SMS Phone Number
textField
-
The phone number to associate with the one-time SMS device.
-
Voice Phone Number
textField
-
The phone number to associate with the one-time Voice device.
-
Email
textField
-
The email address to associate with the one-time device.
-
Test Mode
textField
-
Create device for test purposes only
-
Notification Type
dropDown
-
Indicates whether the notification is intended for a user authentication flow or a device authorization flow.
- Strong Authentication
- Transaction
-
Notification Policy
dropDown
-
A unique identifier for the policy.
- Enter Notification Policy ID
-
Notification Policy ID
textField
-
Notification Name
dropDown
-
The name of a custom notification defined in PingOne. If the form you want is not listed, select Enter Custom Value.
- Enter Custom Value
-
Custom Value
textField
-
You can enter a custom template name, or leave blank to use the default template. You can also enter a parameter from a previous connector, or any text.
-
Notification Locale
textField
-
Add a locale to allow localized notifications for end-users. ISO Language Codes are supported.
-
Notification Variables
variableInputList
-
If Custom variables are defined in the notification body, map them here.
-
Mobile Payload
textField
-
A signed challenge generated by PingOne MFA mobile SDK.
-
Application
dropDown
-
The unique identifier of the native application which initiated the authentication flow.
- Enter Application ID
-
Application ID
textField
-
Mobile Client Context
variableInputList
-
Additional attributes that can be passed to the mobile application during the authentication.
-
Relying Party ID
textField
-
If you define a Relying Party ID (RPID) here, it overrides the RPID defined in the FIDO policy in the PingOne admin console.
-
One-time Passcode
textField
-
The one-time passcode (OTP) of the device used to authenticate. If the Device ID is not provided, the OTP is validated against all the applicable devices.
-
User ID Not Required
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
mfaPolicyId
string
minLength: 0
maxLength: 100
-
authTemplateName
null/string
-
notificationPolicyId
string
minLength: 0
maxLength: 100
-
customNotificationPolicyId
null/string/object
-
templateVariant
null/string
-
customTemplateVariant
null/string/object
-
templateLocale
null/string
-
templateVariables
array
-
items
array
-
-
type
object
- properties
-
type
-
mobilePayload
null/string
-
Mobile Payload
-
applicationId
string
minLength: 0
maxLength: 100
-
Application ID
-
customApplicationId
null/string/object
-
clientContext
array
-
Mobile Client Context
-
items
array
-
-
type
object
- properties
-
type
-
userAgent
string
-
User Agent
-
rpId
string
-
Relying Party ID
-
deviceAuthenRpId
string
-
Relying Party ID
-
createDeviceTestMode
string
-
Create Test Device
-
oneTimeDeviceTestMode
string
-
Create Test Device
-
usernameLess
boolean
-
User ID Not Required
-
selectedDevice
null/string
-
selectedDeviceId
null/string
-
oneTimeDeviceType
null/string
-
oneTimeSmsDevice
null/string
-
oneTimeVoiceDevice
null/string
-
oneTimeEmailDevice
null/string
-
otp
string
-
Passcode
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
test
object
-
properties
object
-
-
otp
string
-
otp
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Read Device Authentication
-
Read device authentication information.
Details- Details
-
- Properties
-
-
Device Authentication ID
textField
-
The unique identifier for the MFA Device Authentication.
-
Device Authentication ID
- Input Schema
-
-
default
object
-
-
deviceAuthenticationId
string
required
minLength: 0
maxLength: 100
-
Device Authentication ID
-
deviceAuthenticationId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Device Selection
-
Enables users to choose the way they authenticate if more than one option is available.
Details- Details
-
- Properties
-
-
Device Authentication ID
textField
-
The unique identifier for the MFA Device Authentication.
-
Device ID
textField
-
The unique identifier for the MFA device.
-
WebAuthn Browser Compatibility
textField
-
Device Authentication ID
- Input Schema
-
-
default
object
-
-
deviceId
string
required
minLength: 0
maxLength: 100
-
deviceAuthenticationId
string
required
minLength: 0
maxLength: 100
-
Device Authentication ID
-
compatibility
null/string
-
WebAuthn Compatibility
-
deviceId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Device Passcode
-
Ensures that device one-time passcodes (OTPs) are valid.
Details- Details
-
- Properties
-
-
Device Authentication ID
textField
-
The unique identifier for the MFA Device Authentication.
-
One-time Passcode
textField
-
The one-time passcode (OTP) sent to the user.
-
Device Authentication ID
- Input Schema
-
-
default
object
-
-
otp
string
required
-
Passcode
-
deviceAuthenticationId
string
required
minLength: 0
maxLength: 100
-
Device Authentication ID
-
otp
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- FIDO Assertion
-
Ensures that assertions provided to authenticate devices are valid.
Details- Details
-
- Properties
-
-
Device Authentication ID
textField
-
The unique identifier for the MFA Device Authentication.
-
Assertion
textField
-
A string that specifies the authenticator assertion response. The string contains the signed challenge needed to complete the MFA authentication.
-
Origin
textField
-
The address of the server sending the initial registration challenge to the device.
-
WebAuthn Browser Compatibility
textField
-
Device Authentication ID
- Input Schema
-
-
default
object
-
-
assertion
string
required
-
WebAuthn assertion
-
origin
string
required
-
Origin
-
deviceAuthenticationId
string
required
minLength: 0
maxLength: 100
-
Device Authentication ID
-
assertion
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Read Pairing Key
-
Read pairing key information associated with users.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Pairing Key ID
textField
-
The unique identifier for the pairing key.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
pairingKeyId
string
required
minLength: 0
maxLength: 100
-
Pairing Key ID
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
code
string
-
status
string
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Create Pairing Key
-
Create pairing keys that can be used by native mobile applications to create trust with PingOne MFA.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Applications
dropDownMultiSelect
-
Select the application(s) that can be used with this pairing key. Leave this list empty to allow all available native applications in the environment to be used.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
applicationIds
null/array
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
code
string
-
status
string
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Delete Pairing Key
-
Delete unclaimed pairing keys.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Pairing Key ID
textField
-
The unique identifier for the pairing key.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
pairingKeyId
string
required
minLength: 0
maxLength: 100
-
Pairing Key ID
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Create Authentication Code
-
Create a single-use code to authenticate a user during sign-on using a mobile application. You can embed this code in a scannable QR code, or require that the user manually enter it to sign on.
Details- Details
-
- Properties
-
-
Application
dropDown
-
The unique identifier for the mobile application used to authenticate a user.
- Enter Application ID
-
Application ID
textField
required
-
Duration
textField
-
The period of time that the authentication code is valid, which can be anywhere from 10 seconds to 30 minutes.
-
Time Unit
dropDown
required
-
The units of time used to indicate the authentication code duration.
- SECONDS (Default)
- MINUTES
-
User Approval
dropDown
-
Specify whether the user will need to approve the authentication after they scan the authentication code using a mobile application.
- REQUIRED (Default)
- NOT_REQUIRED
-
Mobile Client Context
variableInputList
-
Additional attributes that can be passed to the mobile application during the authentication.
-
Application
- Input Schema
-
-
default
object
-
-
authenticatingApplicationId
string
required
minLength: 0
maxLength: 100
-
Application ID
-
customAuthenticatingApplicationId
null/string/object
-
duration
string
required
-
Duration in seconds
-
timeUnit
string
-
userApproval
string
required
-
clientContext
array
-
Mobile Client Context
-
items
array
-
-
type
object
- properties
-
type
-
authenticatingApplicationId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
code
string
-
uri
string
-
status
string
-
userApproval
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
clientContext
object
-
_embedded
object
-
properties
object
-
-
device
object
-
properties
object
-
-
id
string
-
os
object
-
properties
object
-
-
version
string
-
type
string
-
version
-
model
object
-
properties
object
-
-
name
string
-
marketingName
string
-
name
-
application
object
-
properties
object
-
-
nativeName
string
-
version
string
-
nativeName
-
id
-
device
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
headers
object
-
statusCode
integer
-
authenticationCode
object
-
properties
object
-
-
id
string
-
code
string
-
uri
string
-
status
string
-
userApproval
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
clientContext
object
-
_embedded
object
-
properties
object
-
-
device
object
-
properties
object
-
-
id
string
-
os
object
-
properties
object
-
-
version
string
-
type
string
-
version
-
model
object
-
properties
object
-
-
name
string
-
marketingName
string
-
name
-
application
object
-
properties
object
-
-
nativeName
string
-
version
string
-
nativeName
-
id
-
device
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
rawResponse
-
output
- Read Authentication Code
-
Read the authentication code.
Details- Details
-
- Properties
-
-
Authentication Code ID
textField
-
The unique identifier for the authentication code.
-
Authentication Code ID
- Input Schema
-
-
default
object
-
-
authenticationCodeId
string
required
minLength: 0
maxLength: 100
-
Authentication Code ID
-
authenticationCodeId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
code
string
-
uri
string
-
status
string
-
userApproval
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
clientContext
object
-
_embedded
object
-
properties
object
-
-
device
object
-
properties
object
-
-
id
string
-
os
object
-
properties
object
-
-
version
string
-
type
string
-
version
-
model
object
-
properties
object
-
-
name
string
-
marketingName
string
-
name
-
application
object
-
properties
object
-
-
nativeName
string
-
version
string
-
nativeName
-
id
-
device
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
headers
object
-
statusCode
integer
-
authenticationCode
object
-
properties
object
-
-
id
string
-
code
string
-
uri
string
-
status
string
-
userApproval
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
lifeTime
object
-
properties
object
-
-
duration
integer
-
timeUnit
string
-
duration
-
clientContext
object
-
_embedded
object
-
properties
object
-
-
device
object
-
properties
object
-
-
id
string
-
os
object
-
properties
object
-
-
version
string
-
type
string
-
version
-
model
object
-
properties
object
-
-
name
string
-
marketingName
string
-
name
-
application
object
-
properties
object
-
-
nativeName
string
-
version
string
-
nativeName
-
id
-
device
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
rawResponse
-
output
- Set Device Order
-
Setting the device order explicitly orders a user's existing active devices
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Set Device Order
dropDown
-
Select how to set the device order
- Set default device
- Set device order
-
Device ID
textField
-
Enter the device ID of the device which should be set as the default device.
-
Input attributes as JSON?
toggleSwitch
-
Set Device Order
multipleTextFields
-
Enter the device IDs in the order that the devices should be listed for the user.
-
Attributes
codeEditor
-
An array of objects that determines the explicit order of a user's devices. The first device listed becomes the default device. This property is used as a body parameter to set the order of existing devices.
Default:
{ "order": [ { "id": "{{deviceID}}" }, { "id": "{{deviceID2}}" } ] }
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
setDeviceOrder
string
-
defaultDeviceId
string
minLength: 0
maxLength: 100
-
useDeviceOrderJsonAttributes
boolean
-
deviceOrderList
array
-
items
array
-
-
type
object
-
type
-
jsonAttributes
null/string/object
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
applications
array
-
items
array
-
-
type
object
- properties
-
type
-
allowedtypes
array
-
items
array
-
-
type
string
-
type
-
order
array
-
properties
array
-
-
id
string
-
id
-
mfaSettings
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
pairing
object
-
properties
object
-
-
maxAllowedDevices
integer
-
maxAllowedDevices
-
environment
-
mfaPolicy
object
-
properties
object
-
-
authentication
object
-
properties
object
-
-
deviceSelection
string
-
deviceSelection
-
authentication
-
devices
-
size
number
-
_embedded
-
headers
object
-
statusCode
integer
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
order
array
-
properties
array
-
-
id
string
-
id
-
rawResponse
-
output
- Cancel Device Authentication
-
Cancel the authentication process for a specific device.
Details- Details
-
- Properties
-
-
Device Authentication ID
textField
-
The unique identifier for the MFA Device Authentication.
-
Reason For Cancellation
textField
-
The reason that the authentication was canceled. Possible values are SIGNOUT, CHANGE_DEVICE, ADD_DEVICE. Any other reason will get the value - DEFAULT.
-
Device Authentication ID
- Input Schema
-
-
default
object
-
-
reason
string
-
Reason
-
deviceAuthenticationId
string
required
minLength: 0
maxLength: 100
-
Device Authentication ID
-
reason
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Create Device
-
Create devices to use during authentication.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Device Type
textField
-
The type of device used during authentication. Supported values are: SMS, EMAIL, VOICE, TOTP, YUBIKEY, OATH_TOKEN, PLATFORM, SECURITY_KEY.
-
Activation Status
dropDown
-
The current status of the device. If a device has an ACTIVATION_REQUIRED status, activate it before you add it as a trusted device.
- ACTIVE
- ACTIVATION REQUIRED
-
Phone Number
textField
-
The phone number to associate with the device. Applies only to devices that use SMS and Voice SMS messages during authentication.
-
Email
textField
-
The email address to associate with the device. Applies only to devices that use email during authentication.
-
Device Nickname
textField
-
A nickname that identifies this device. The device nickname is limited to 100 characters.
-
Relying Party ID
textField
-
If you define a Relying Party ID (RPID) here, it overrides the RPID defined in the FIDO policy in the PingOne admin console.
-
Relying Party Name
textField
-
A string that specifies the relying party's human-readable display name.
-
YubiKey
textField
-
The one-time passcode used to authenticate the YubiKey.
-
Serial Number
textField
-
The unique identifier for the OAuth token.
-
User Agent
textField
-
Browser user agent
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
workforceDeviceType
string
required
-
status
string
required
-
nickname
string
-
phone
string
-
email
string
-
rpId
string
-
Relying Party ID
-
rpName
string
-
Relying Party Name
-
userAgent
string
-
User Agent
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
test
object
-
properties
object
-
-
otp
string
-
otp
-
id
-
headers
object
-
statusCode
integer
-
device
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
rawResponse
-
output
- Create Device Authentication
-
Create authentication experiences with virtual or physical devices.
Details- Details
-
- Properties
-
-
User ID Not Required
toggleSwitch
-
Indicates whether the user id is required or obtained from the authentication method used.
-
User ID
textField
-
The unique identifier for the user.
-
MFA Policy ID
textField
-
The ID of the PingID policy evaluation.
-
User Agent
textField
-
Browser user agent
-
Device Details
dropDown
-
Indicates whether to use the user's default authentication method or to provide a specific authentication method.
- ID
- One-Time Device
-
Device ID
textField
-
The selected device id
-
Device Type
textField
-
The one-time device type
-
SMS Phone Number
textField
-
The phone number to associate with the one-time SMS device.
-
Voice Phone Number
textField
-
The phone number to associate with the one-time Voice device.
-
Email
textField
-
The email address to associate with the one-time device.
-
Notification Type
dropDown
-
Indicates whether the notification is intended for a user authentication flow or a device authorization flow.
- Strong Authentication
- Transaction
-
Relying Party ID
textField
-
If you define a Relying Party ID (RPID) here, it overrides the RPID defined in the FIDO policy in the PingOne admin console.
-
WebAuthn Browser Compatibility
textField
-
FIDO Compatibility
textField
-
A string that specifies the FIDO Authenticators that are allowed to be used. Options are FULL (compatible with FIDO2 platform biometrics and security key), SECURITY_KEY_ONLY (compatible with security key only), and NONE (not compatible with FIDO).
-
One-time Passcode
textField
-
The one-time passcode (OTP) of the device used to authenticate. If the Device ID is not provided, the OTP is validated against all the applicable devices.
-
User ID Not Required
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
workforcePolicyMfaPolicyId
string
minLength: 0
maxLength: 100
-
authTemplateName
null/string
-
userAgent
string
-
User Agent
-
rpId
string
-
Relying Party ID
-
deviceAuthenRpId
string
-
Relying Party ID
-
createDeviceTestMode
string
-
Create Test Device
-
oneTimeDeviceTestMode
string
-
Create Test Device
-
usernameLess
boolean
-
User ID Not Required
-
selectedDevice
null/string
-
selectedDeviceId
null/string
-
oneTimeDeviceType
null/string
-
oneTimeSmsDevice
null/string
-
oneTimeVoiceDevice
null/string
-
oneTimeEmailDevice
null/string
-
fidoCompatibility
null/string
-
WebAuthn Compatibility
-
compatibility
null/string
-
WebAuthn Compatibility
-
otp
string
-
Passcode
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
user
object
-
properties
object
-
-
id
string
-
id
-
environment
object
-
properties
object
-
-
id
string
-
id
-
policy
object
-
properties
object
-
-
id
string
-
id
-
selectedDevice
object
-
properties
object
-
-
id
string
-
id
-
application
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
authenticators
array
-
items
array
-
-
type
string
-
type
-
publicKeyCredentialRequestOptions
string
-
_links
object
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
devices
-
test
object
-
properties
object
-
-
otp
string
-
otp
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Create Pairing Key
-
Create pairing keys that can be used by the PingID mobile app to create trust with PingID.
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
id
string
-
code
string
-
status
string
-
error
object
-
properties
object
-
-
code
string
-
message
string
-
code
-
createdAt
string
-
updatedAt
string
-
expiresAt
string
-
id
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Read All Devices
-
Read information for all user devices
Details- Details
-
- Properties
-
-
User ID
textField
-
The unique identifier for the user.
-
Filters
toggleSwitch
-
Filter devices by activation status and device type.
-
Status
dropDown
-
non-active devices are not usable during an authentication.
- ALL (Default)
- ACTIVE
- ACTIVATION REQUIRED
-
Device Types
dropDownMultiSelect
-
- SMS
- Voice
- Authenticator App
- Fido2 Biometrics
- Security Key
- Oath token
- YubiKey
- Desktop app
- PingID Mobile app
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
minLength: 0
maxLength: 100
-
setFilterFlag
boolean
-
statusFilter
string
-
workforceDeviceTypes
array
uniqueItems: true
-
items
array
-
-
type
string
-
maxLength
maxLength: 255
-
type
-
userId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
applications
array
-
items
array
-
-
type
object
- properties
-
type
-
allowedtypes
array
-
items
array
-
-
type
string
-
type
-
order
array
-
properties
array
-
-
id
string
-
id
-
mfaSettings
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
pairing
object
-
properties
object
-
-
maxAllowedDevices
integer
-
maxAllowedDevices
-
environment
-
mfaPolicy
object
-
properties
object
-
-
authentication
object
-
properties
object
-
-
deviceSelection
string
-
deviceSelection
-
authentication
-
devices
-
size
number
-
_embedded
-
headers
object
-
statusCode
integer
-
devices
array
-
items
array
-
-
type
object
-
properties
object
-
properties
object
-
-
id
string
-
type
string
-
status
string
-
nickname
string
-
phone
string
-
extension
string
-
email
string
-
secret
string
-
keyUri
string
-
oathToken
string
-
serialNumber
string
-
rp
object
-
properties
object
-
-
id
string
-
name
string
-
id
-
platform
string
-
publicKeyCredentialCreationOptions
string
-
attributes
object
-
properties
object
-
-
previousDeviceType
string
-
isCrossPlatform
boolean
-
previousDeviceType
-
displayName
string
-
createdAt
string
-
updatedAt
string
-
id
-
type
-
allowedtypes
array
-
items
array
-
-
type
string
-
type
-
applications
array
-
items
array
-
-
type
object
- properties
-
type
-
mfaSettings
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
pairing
object
-
properties
object
-
-
maxAllowedDevices
integer
-
maxAllowedDevices
-
environment
-
mfaPolicy
object
-
properties
object
-
-
authentication
object
-
properties
object
-
-
deviceSelection
string
-
deviceSelection
-
authentication
-
order
array
-
properties
array
-
-
id
string
-
id
-
rawResponse
-
output