Creating a CIBA authentication policy PingOne - PingOne - PingFederate - PingOne MFA - PingOne Cloud Platform

Page created: 10 Nov 2020 |

Page updated: 8 Feb 2022

| 1 min read

PingFederate Integration PingOne Services PingOne MFA PingOne Cloud Platform PingOne Product Language English Integration Content Type Product documentation Audience Administrator

Create a simplified Client Initiated Backchannel Authentication (CIBA) authentication policy in PingOne MFA to handle CIBA authentication requests.

Tip: If you already completed the steps in Creating an MFA authentication policy in PingOne, you can choose to use the same policy for CIBA and skip the steps below.

If you reuse your MFA policy for CIBA, make sure your policy allows for mobile applications. PingOne ignores other authentication methods for CIBA requests.

On the PingOne MFA console, go to Settings > Authentication > Policies. Click + Add Policy.
Enter a policy name of your choosing and note it.
You will use this name in Configuring a CIBA authenticator instance.
From the Step Type list, select Multi-factor Authentication.
In the Available Methods section, select only Mobile Applications.
Configure settings for the application.
1. Select the Native application that you created in Creating an OIDC application in PingOne.
2. Leave the Auto Enrollment and Device Authorization check boxes cleared.
Leave the None Or Incompatible Methods or Required When sections blank.
These sections have no effect on CIBA requests.
Click Save.
Add the policy to your Native application.
1. On Connections > Applications, expand your application. Click Edit.
2. On the Policies tab, click the Add button for the policy that you created.
3. Click Save.

Creating a CIBA authentication policy PingOne - PingOne - PingFederate - PingOne MFA - PingOne Cloud Platform - PingOne Services

PingOne MFA Integration Kit