FIDO devices that are paired directly using PingOne self-service do not work with PingFederate authentication flow unless the devices were registered with custom domain configuration. With custom domain configuration on PingOne, the PingFederate domain can be configured to run on its subdomain and allows FIDO devices to be used interchangeably.

For information on how to set up a custom domain on PingOne, see Setting up a custom domain.

To support custom domain deployment, PingFederate can be configured to run on a subdomain of the custom domain by changing the PingFederate base URL or using a virtual host name. For more information, see Specifying federation information or Virtual host names in the PingFederate documentation.