Tip: If you already completed the steps in Creating an MFA authentication policy in PingOne, you can choose to use the same policy for CIBA and skip the steps below.

If you reuse your MFA policy for CIBA, make sure your policy allows for mobile applications. PingOne ignores other authentication methods for CIBA requests.

  1. On the PingOne MFA console, go to Settings > Authentication > Policies. Click + Add Policy.
  2. Enter a policy name of your choosing and note it.
    You will use this name in Configuring a CIBA authenticator instance.
  3. From the Step Type list, select Multi-factor Authentication.
  4. In the Available Methods section, select only Mobile Applications.
  5. Configure settings for the application.
    1. Select the Native application that you created in Creating an OIDC application in PingOne.
    2. Leave the Auto Enrollment and Device Authorization check boxes cleared.
  6. Leave the None Or Incompatible Methods or Required When sections blank.
    These sections have no effect on CIBA requests.
  7. Click Save.
  8. Add the policy to your Native application.
    1. On Connections > Applications, expand your application. Click Edit.
    2. On the Policies tab, click the Add button for the policy that you created.
    3. Click Save.