Page created: 9 Nov 2020
|
Page updated: 8 Feb 2022
| 3 min read
PingFederate Integration PingOne Services PingOne MFA PingOne Cloud Platform PingOne Product Language English Integration Content Type Product documentation Audience Administrator
Configure the PingOne MFA CIBA Authenticator to determine how PingFederate communicates with PingOne MFA for Client Initiated Backchannel Authentication (CIBA) requests.
-
On the PingFederate administrative console, create a new IdP adapter
instance.
- For PingFederate 10.1 or later: go to Authentication > OAuth > CIBA Authenticators. Click Create New Instance.
- For PingFederate 10.0 or earlier: go to Identity Provider > Adapters. Click Create New Instance.
-
On the Type tab, set the basic adapter instance
attributes.
- In the Instance Name field, enter a name for the authenticator instance.
- In the Instance ID field, enter a unique identifier for the authenticator instance.
- From the Type list, select PingOne MFA CIBA Authenticator. Click Next.
- Optional:
If you want to use the advanced prompt customizations described in CIBA prompt customizations: On the Instance
Configuration tab, in the PingOne Template
Variables section, map dynamic values to the variables in your
PingOne notification template.
For details and examples, see Advanced CIBA prompt customizations.
- Click Add a new row to 'PingOne Template Variables'.
- In the PingOne Template Variable Name field, enter the name of a variable in your PingOne notification template.
- From the PingOne Template Variable Value field, define the value based on the examples shown in Advanced CIBA prompt customizations.
- In the Action column, click Update.
- To add more attributes, repeat steps a-d.
- On the Instance Configuration tab, configure the authenticator instance by referring to PingOne MFA CIBA Authenticator settings reference. Click Next.
- On the Actions tab, test your connection to PingOne MFA. Resolve any issues that are reported, and then click Next.
-
On the Extended Contract tab, add any attributes that
you used in the PingOne Template Variable Value fields on
the Instance Configuration tab. Click
Next.
The Extended Contract tab acts as an input that defines which attributes are available to use in the PingOne Template Variable Value fields. The
subject
attribute is always included. For help, see Advanced CIBA prompt customizations. -
On the Summary tab, check and save your configuration:
- For PingFederate 10.1 or later: click Save.
- For PingFederate 10.0 or earlier: click Done. On the Manage IdP Adapter Instances tab, click Save.