Page created: 30 Jan 2021
|
Page updated: 8 Feb 2022
When using the PingOne MFA IdP Adapter through the PingFederate authentication API, the following flow is used for requesting authorization using a push notification to the user's paired mobile app.
Authorization via the mobile app

- The user completes first-factor authentication. Completion of first-factor authentication is a prerequisite before progressing to MFA, when using the PingOne MFA IdP Adapter with the PingFederate Authentication API flow.
- The status of
AUTHENTICATION_REQUIRED
is returned in the response to the Mobile app (API client). - The Mobile app (API client) gets a mobile payload from the mobile SDK.
- The Mobile app (API client) invokes the
authenticate
action, using the mobile payload. - The status of
PUSH_CONFIRMATION_WAITING
together with theselectedDeviceRef
object are returned in the response to the Mobile app (API client). - The Mobile app (API client) invokes the
poll
action, so that PingFederate gets the status of the mobile push. This is repeated until either a successful status is received or a timeout is reached. - The status of
MFA_COMPLETED
together with thedevice_authorized
code are returned in the response to the Mobile app (API client). - The Mobile app (API client) invokes the
continueAuthentication
action. The Mobile app (API client) must callcontinueAuthentication
in order to progress in the OIDC flow, and to complete it. - PingFederate returns an access token to the Mobile app (API client).