Note:

To enable this feature, follow this guide while you complete the steps in MFA setup.

The PingOne MFA IdP Adapter supports automatic pairing for some authentication methods. When the user signs on, the adapter gets the user's username and contact information from attributes in the PingFederate authentication policy. The adapter uses this information to create the user account (if necessary) and authentication methods for the user in PingOne. This process happens automatically as part of the just-in-time provisioning.

You can only use this technique to provision the following one-time passcode (OTP) authentication methods:
  • SMS
  • voice
  • email
  1. When Configuring an adapter instance, do the following:
    1. Select the following check boxes:
      • Provision Users and Authentication Methods
      • Update authentication methods
    2. In the Username Attribute field, enter the name of the attributes that will contain the username.
    3. In the SMS Attribute, Voice Attribute, and Email Attribute fields, enter the name of the attributes that will contain the user's contact information.
    4. Set the Default Authentication Method for Provisioned Users.
  2. When Adding PingOne MFA to your authentication policy, configure the policy path so the attributes you named are populated before the PingOne MFA IdP Adapter is triggered. For example, you could use the HTML Form Adapter to provide a sign-on form and get the user's phone number from your datastore.