The PingOne MFA IdP Adapter only supports multifactor authentication (MFA) flows in which Multi-factor Authentication is the only step configured in the PingOne authentication policy.

Important:

To use a default policy in PingOne for MFA, you must make sure that Multi-factor Authentication is the only step in the policy.

  1. In the PingOne MFA console, go to Authentication > Authentication and click + Add Policy.
  2. Enter a policy name of your choosing and note it.
    Remember:

    You will use this policy name in Configuring an adapter instance.

  3. In the Step Type list, select Multi-factor Authentication.
  4. In the MFA Policy list, select an MFA policy to specify which authentication methods a user can use to authenticate themselves.
  5. In the None Or Incompatible Methods section, select a default behavior for cases where the user does not have a valid authentication method set up:
    • Block: If the user doesn't have a valid authentication method set up, MFA fails.
    • Bypass: If the user doesn't have a valid authentication method set up, they continue to the next step as if they completed MFA successfully.
  6. Optional: In the Required When section, configure authentication triggers.
  7. Click Save.
  8. Add the policy to your Web or Native application:
    1. In the PingOne MFA console, go to Applications > Applications and expand your application.
    2. On the Policies tab, click + Add Policies or click the Pencil icon, then select the check box for the policy that you created.
    3. Click Save.