With the Duo Security Integration Kit, PingFederate includes Duo Universal Prompt in the sign-on flow.
The following figure illustrates a single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using Duo Universal Prompt.
- The user initiates SSO with PingFederate and completes the first-factor authentication step, such as an HTML Form Adapter instance.
- PingFederate redirects the user to Duo Universal Prompt with a user identifier.
- Duo Security presents the user's second-factor authentication
- The user completes the MFA challenge in their browser or on their mobile device.
- Duo Universal Prompt redirects the browser to PingFederate with an authorization code.
- PingFederate provides its credentials and the authorization code to Duo Universal Prompt.
- Duo Universal Prompt provides the authentication result and other user attributes.
- If the user authenticated successfully, PingFederate provides access to the requested resource.