Page created: 24 Jul 2019
|
Page updated: 8 Feb 2022
With the Duo Security Integration Kit, PingFederate includes Duo Security in the sign-on flow.
The following figure illustrates a single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using PingOne MFA.
- The user initiates SSO with PingFederate and completes the first-factor authentication step, such as an HTML Form Adapter instance.
- PingFederate contacts Duo Security and provides the user identifier.
- Duo Security provides the user's MFA challenge options.
- The Duo Security IdP Adapter presents the authentication challenge options in the browser.
- Depending on the authentication method, one of the following occurs:
- For push notification, Duo Security sends a push notification to the user's mobile app. PingFederate polls the API until Duo Security provides the authentication result.
- For call authentication, Duo Security sends the one-time passcode (OTP) to the user by phone. In the browser, PingFederate shows a form requesting the OTP. The user enters the OTP in the form.
- For passcode authentication, the user enters a passcode in the form.
- If the user authenticates successfully, PingFederate provides access to the requested resource. Otherwise, it shows the user an optional page with the reason authentication failed.