Enabling user and authentication method provisioning - PingOne Cloud Platform - PingOne Services - PingOne - PingFederate - PingOne MFA

PingOne MFA Integration Kit

bundle
pingfederate-pingone-mfa-ik
ft:publication_title
PingOne MFA Integration Kit
Product_Version_ce
PingOne Cloud Platform
PingOne Services
PingOne
PingOne MFA
category
Administrator
Audience
ContentType
English
Integration
Language
Product
Productdocumentation
integrationdocx
p1
p1cloudplatform
p1mfax
p1services
pingfederate
ContentType_ce
Product documentation
Integration

The PingOne MFA IdP Adapter supports automatic provisioning for users and some authentication methods.

Note:

To enable this feature, follow this guide while you complete the steps in MFA setup.

The PingOne MFA IdP Adapter supports automatic pairing for some authentication methods. When the user signs on, the adapter gets the user's username and contact information from attributes in the PingFederate authentication policy. The adapter uses this information to create the user account (if necessary) and authentication methods for the user in PingOne. This process happens automatically as part of the just-in-time provisioning.

You can only use this technique to provision the following one-time passcode (OTP) authentication methods:
  • SMS
  • voice
  • email
  1. When Configuring an adapter instance, do the following:
    1. Select the following check boxes:
      • Provision Users and Authentication Methods
      • Update authentication methods
    2. In the Username Attribute field, enter the name of the attributes that will contain the username.
    3. In the SMS Attribute, Voice Attribute, and Email Attribute fields, enter the name of the attributes that will contain the user's contact information.
    4. Set the Default Authentication Method for Provisioned Users.
  2. When Adding PingOne MFA to your authentication policy, configure the policy path so the attributes you named are populated before the PingOne MFA IdP Adapter is triggered. For example, you could use the HTML Form Adapter to provide a sign-on form and get the user's phone number from your datastore.