Configuring a CIBA authenticator instance - PingOne - PingFederate - PingOne MFA - PingOne Cloud Platform

Page created: 9 Nov 2020 |

Page updated: 8 Feb 2022

| 3 min read

PingFederate Integration PingOne Services PingOne MFA PingOne Cloud Platform PingOne Product Language English Integration Content Type Product documentation Audience Administrator

Configure the PingOne MFA CIBA Authenticator to determine how PingFederate communicates with PingOne MFA for Client Initiated Backchannel Authentication (CIBA) requests.

These steps are only required if you want to enable CIBA support. For details, see CIBA request flow.

On the PingFederate administrative console, create a new IdP adapter instance.
- For PingFederate 10.1 or later: go to Authentication > OAuth > CIBA Authenticators. Click Create New Instance.
- For PingFederate 10.0 or earlier: go to Identity Provider > Adapters. Click Create New Instance.
On the Type tab, set the basic adapter instance attributes.
1. In the Instance Name field, enter a name for the authenticator instance.
2. In the Instance ID field, enter a unique identifier for the authenticator instance.
3. From the Type list, select PingOne MFA CIBA Authenticator. Click Next.
Optional: If you want to use the advanced prompt customizations described in CIBA prompt customizations: On the Instance Configuration tab, in the PingOne Template Variables section, map dynamic values to the variables in your PingOne notification template.
For details and examples, see Advanced CIBA prompt customizations.
1. Click Add a new row to 'PingOne Template Variables'.
2. In the PingOne Template Variable Name field, enter the name of a variable in your PingOne notification template.
3. From the PingOne Template Variable Value field, define the value based on the examples shown in Advanced CIBA prompt customizations.
4. In the Action column, click Update.
5. To add more attributes, repeat steps a-d.
On the Instance Configuration tab, configure the authenticator instance by referring to PingOne MFA CIBA Authenticator settings reference. Click Next.
On the Actions tab, test your connection to PingOne MFA. Resolve any issues that are reported, and then click Next.
On the Extended Contract tab, add any attributes that you used in the PingOne Template Variable Value fields on the Instance Configuration tab. Click Next.
The Extended Contract tab acts as an input that defines which attributes are available to use in the PingOne Template Variable Value fields. The subject attribute is always included. For help, see Advanced CIBA prompt customizations.
On the Summary tab, check and save your configuration:
- For PingFederate 10.1 or later: click Save.
- For PingFederate 10.0 or earlier: click Done. On the Manage IdP Adapter Instances tab, click Save.

Configuring a CIBA authenticator instance - PingOne - PingFederate - PingOne MFA - PingOne Cloud Platform - PingOne Services

PingOne MFA Integration Kit