Device management

Page created: 5 Apr 2021 |

Page updated: 8 Feb 2022

| 3 min read

Product PingID Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

As part of the provisioning process, the PingID Provisioner can add and update the authentication devices associated with each user in PingID.

For general information about devices, see PingID authentication for the web and Managing your devices in the PingID documentation.

Nicknames

PingID assigns nicknames to authentication devices. These nicknames appear in the user interface, such as on the device management page. The PingID Provisioner also uses nicknames to identify the devices it manages.

The following are the "managed" nicknames used by the provisioning connector:

Email 1
Email 2
Email 3
SMS Number 1
SMS Number 2
SMS Number 3
Voice Number 1
Voice Number 2
Voice Number 3

The connector can only manage these nine devices.

Mapping attributes to nicknames

Each of the managed devices can be populated by a matching user attribute on the Attribute Mapping tab of the channel configuration. The matching attributes are prefixed with "MFA", such as "MFA SMS Number 1".

You can map these attributes in the Creating a provisioning connection part of the setup process.

Device management

The PingID Provisioner can compare the device values (the email address or phone number) in PingID against the values in the datastore. The datastore is always considered the source of truth when updating the nine managed devices, but you can choose how the connector handles other devices it finds. Alternately, you can turn off device management and use PingID as the source of truth.

You can configure the connector's device management behavior using the Manage devices setting in the Creating a provisioning connection part of the setup process.

Setting	Description
Do not manage devices	PingFederate doesn't provision or manage any devices in PingID. Users can manage their own devices as shown in Managing your devices in the PingID documentation.
Merge devices	PingFederate provisions devices to PingID using the nine managed nicknames. When updating a user, if there is a conflict between the datastore and PingID for one of the managed devices, the datastore takes precedence. PingFederate removes and re-creates the device in PingID with the new value. Attention: When updating the user's "primary" device, the user has to choose it as their primary device again. The provisioner doesn't change devices with non-managed nicknames, such as devices added by the user or an administrator.
Overwrite devices	This behaves the same as Merge devices, except the provisioner removes all devices with non-managed nicknames, such as devices added by the user or an administrator.

Setting

Description

Do not manage devices

PingFederate doesn't provision or manage any devices in PingID.

Users can manage their own devices as shown in Managing your devices in the PingID documentation.

Merge devices

PingFederate provisions devices to PingID using the nine managed nicknames.

When updating a user, if there is a conflict between the datastore and PingID for one of the managed devices, the datastore takes precedence. PingFederate removes and re-creates the device in PingID with the new value.

Attention: When updating the user's "primary" device, the user has to choose it as their primary device again.

The provisioner doesn't change devices with non-managed nicknames, such as devices added by the user or an administrator.

Overwrite devices

This behaves the same as Merge devices, except the provisioner removes all devices with non-managed nicknames, such as devices added by the user or an administrator.

Primary devices

In PingID, each user can have one "primary" device. The user is prompted to authenticate using this device by default.

When creating a new user, the PingID Provisioner can set a primary device automatically. You can customize this behavior with the Primary Device on Create setting in the Creating a provisioning connection part of the setup process.

When updating existing users, the PingID Provisioner doesn't set or change the primary device.

Setting	Description
Do not manage	PingID Provisioner can provision devices, but it doesn't set a primary device.
MFA Email 1	PingID Provisioner sets `Email 1` as the user's primary authentication device.
MFA SMS Number 1	PingID Provisioner sets `SMS Number 1` as the user's primary authentication device.
MFA Voice Number 1	PingID Provisioner sets `Voice Number 1` as the user's primary authentication device.