Previous releases - PingFederate - PingOne MFA - PingOne - PingOne Services

PingOne MFA Integration Kit 1.6 — January 2022

Added support for passwordless login using FIDO browser management.
Added the ability to display additional platform information when a user pairs a new biometric device.
Added the ability to provision users and add authentication methods separately.
Fixed an issue that caused an error for users on iOS or Safari when attempting authentication or pair using FIDO.
Fixed an MFA vulnerability. See security bulletin SECADV029.

Fixed an issue that prevented pairing security keys and biometrics when the authentication API or JavaScript Widget was hosted on an external domain.

Fixed an issue that caused an error when the PingOne MFA IdP Adapter was used with other adapters in a password reset flow.
Fixed an issue that could cause an error when pairing devices for users identified with a PingOne user ID.

Added support for the PingOne device integrity check. For details, see Authentication method management.
Note:
If you're upgrading from PingOne MFA Integration Kit 1.4.1 or earlier and want to use the device integrity check feature, update the API Request Timeout in your adapter configuration. To provide time for the device integrity check, the default has been increased from 5000ms to 12000ms.
Improved the user experience for adding additional authentication methods.

Fixed an issue that prevented the device pairing flow from working when the Mobile App option was disabled in the PingOne policy.

Added the ability to authenticate using voice.
Added the ability to override the notification template variant that PingOne shows for transaction approval flows.
Added the ability for a single CIBA authenticator instance to work with multiple PingOne applications. The authenticator now checks for an application identifier in the CIBA request.
Improved the adapter's Authentication method management features:
- Added the ability for users to manually add a wide variety of authentication methods. Enable this feature with the Allow Users to Add Additional Authentication Methods setting.
- Added the ability to prompt users to set up MFA if they have no existing authentication methods. You can also allow users to skip the MFA setup. Enable this feature with the Prompt Users to Set Up MFA and Allow Users to Skip MFA Setup settings.
- Added the ability for users to select a default authentication method. When a default is selected, the adapter skips the selection screen.
Deprecated the Application Client Secret field for PingFederate 10.2 and later.

Fixed an issue that, after upgrading the adapter, caused an error when using the administrative API to bulk import an earlier version of the adapter.

Fixed an issue that caused an error when no port was specified in the PingFederate base URL.

Added the ability to authenticate using timed one-time passcodes (TOTP) with mobile devices.
Added the ability to authenticate using FIDO2-bound biometrics and U2F security keys.
Added support for single logout from PingOne MFA when the user signs off in PingFederate.
Added support for the new account lockout error in PingOne MFA when a user fails multiple consecutive MFA attempts.
Added support for pre-populating adapter settings based on the selected PingOne environment. Available in PingFederate 10.2 or later.
Improved support for device nicknames, making them available for all authentication methods, on all templates, and in the JavaScript Widget for the PingFederate Authentication API.
Fixed an issue that caused an error when a user initiated mobile push for account recovery.
Fixed an issue that caused an error when setting the API Request Timeout value too low.
Fixed an issue that caused the API to return validation errors when upgrading the adapter.

Added the Provision Users and Authentication Methods setting, and related fields, to allow the adapter to provision new users to PingOne MFA and automatically add valid authentication methods for the user.
Added the Update Authentication Methods setting to allow the adapter to register new SMS and Email authentication methods in PingOne MFA.

Added support for the platform connection to PingOne introduced in PingFederate 10.2.
Added support for the PingOne MFA transaction approval flow.
Added support for the PingOne MFA mobile device authorization flow.
Added the ability to authenticate using third-party TOTP authenticators, such as Google Authenticator.
Added support for client-initiated back-channel authentication (CIBA). For information about CIBA, see Improving the Customer Experience with CIBA on the Ping Identity blog.
Added support for the JavaScript Widget for the PingFederate Authentication API.
Added error handling for the following scenarios:
- The device ID is invalid
- The OTP format is invalid
- MFA is disabled for the user
- The user is not found
- The user has no devices paired and automatic pairing is not enabled
- The user has no devices paired, automatic pairing is enabled, but the user is signing on via the web
Added an error page that supports customizable messages using a language pack file.
Improved API endpoint selection by replacing the PingOne API fields with a region list.
Fixed an issue that caused the Authenticating page to refresh periodically when the adapter polled PingOne for updates.
Fixed an issue that prevented users from changing their selected MFA device when the PingOne authentication policy used the Being a member of any of these populations or User Attributes requirements.

Initial release.
Added the ability to authenticate using SMS, email, and push.
Added the ability to automatically pair SMS and email authentication methods.
Added the ability to control which message pages (templates) are shown to the user.
Added the ability to control how the adapter handles sign-on attempts when errors occur.
Added the ability to override the PingOnepolicy received in the requested authentication context.
Added the ability to test the connection to PingOne MFA.
Added support for the PingFederate authentication API.
Added settings for API connection and request timeouts.
Added settings to override the PingFederate system-default proxy settings.