The PingOne MFA IdP Adapter only supports "passwordless" multifactor authentication (MFA) flows, where MFA is the only factor, or node, in the policy. The default policies in PingOne, including the default "Multi_factor" policy, are not supported.
  • Before enabling passwordless authentication, ensure that you have set up and validated an MFA device for you and your users, because they will not be able to sign in without a second factor.
  • We strongly discourage setting a passwordless policy as the default password policy.
  1. On the PingOne MFA console, go to Settings > Authentication > Policies. Click + Add Policy.
  2. Enter a policy name of your choosing and note it.
    You will use this name in Configuring an adapter instance.
  3. From the Step Type list, select Multi-factor Authentication.
  4. In the Available Methods section, select the authentication methods that you want user to be able to use.
    • If you created a Web application, select any of Email, SMS, or Authenticator App.
    • If you created a Native application, select any of Email, SMS, Authenticator App, or Mobile Applications.
  5. If you select Mobile Applications, configure settings for the application.
    1. Select the Native application that you created.
    2. Optional: Select the Auto Enrollment check box to allow users to pair new devices automatically during the sign on flow.
    3. Leave the Device Authorization check box cleared.
  6. In the None Or Incompatible Methods section, select the default behavior for cases where the user does not have a valid authentication method set up. If you are Enabling the MFA setup prompt, select Block.
  7. Optional: In the Required When section, configure authentication triggers.
  8. Click Save.
  9. Add the policy to your Web or Native application.
    1. On Connections > Applications, expand your application. Click Edit.
    2. On the Policies tab, click the Add button for the policy that you created.
    3. Click Save.