The following figure illustrates a single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using Duo Universal Prompt.


The PingFederate sign-on flow including the Duo Security IdP Adapter
  1. The user initiates SSO with PingFederate and completes the first-factor authentication step, such as an HTML Form Adapter instance.
  2. PingFederate redirects the user to Duo Universal Prompt with a user identifier.
  3. Duo Security presents the user's second-factor authentication options.
    This screen capture shows a typical Duo Security MFA challenge.
  4. The user completes the MFA challenge in their browser or on their mobile device.
  5. Duo Universal Prompt redirects the browser to PingFederate with an authorization code.
  6. PingFederate provides its credentials and the authorization code to Duo Universal Prompt.
  7. Duo Universal Prompt provides the authentication result and other user attributes.
  8. If the user authenticated successfully, PingFederate provides access to the requested resource.