Standard fields
Field Description
PingOne Environment

For PingFederate 10.2 and later.

Select the PingOne connection that you created in Connecting PingFederate to PingOne.

This field is blank by default.

Environment ID

For PingFederate 10.1 and earlier.

The environment ID that you noted in Connecting PingFederate to PingOne.

This field is blank by default.

Region

For PingFederate 10.1 and earlier.

Determines the PingOne API that the adapter communicates with.

Select the region that appears on Settings > Environment > Properties in PingOne.

Application Client ID

The client ID that you noted in Creating an OIDC application in PingOne.

This field is blank by default.

Application Client Secret

The client secret that you noted in Creating an OIDC application in PingOne.

This field is blank by default.

PingOne Authentication Policy

The name of a PingOne authentication policy that is designed for CIBA. This overrides any policy named in the requested authentication context.

You can enter multiple policy names by separating them with a space. For example, employees contractors. These must all be "CIBA-only" policies.

The adapter maps this value to the acr_values parameter of the PingOne OIDC request.

When this field is blank, the adapter uses the value of the RequestedAuthnCtx parameter (for SAML SSO flows) or acr_values parameter (for OAuth flows) in the request. If those parameters are empty, PingOne uses the default authentication policy.

This field is blank by default.

Advanced fields
Field Description
Test Username

The PingOne username that the adapter uses to test the PingOne MFA connection on the Actions tab.

Enter the username for a user that has a paired device and MFA enabled in PingOne.

This field is blank by default.

PingOne Template Name

Determines the PingOne notification template used to show the CIBA request to the user.

For example, if your CIBA notification template in PingOne is a "transaction" template variant called "ciba-purchases", enter transaction.

The default value is transaction.

PingOne Template Variant

Note: Variants for PingOne notification templates are only available through the PingOne API at this time.

Determines which version of the PingOne notification template is used to show the CIBA request to the user.

For example, if your CIBA notification template in PingOne is a "transaction" template variant called "ciba-purchases", enter ciba-purchases.

This field is blank by default.

Client Context

This optional field allows you to customize the information sent to PingOne with the CIBA request.

While the CIBA prompt customizations allow you to customize the user-facing message, this field allows you to send additional information that the mobile application can use for your needs.

In this field, you can use the following:
$oobAuthRequestContext
  Context for the out-of-band authentication/authorization request.
  This information is always provided to PingOne.
$languagePackMessages
  The language-pack file configured for this authenticator.
  This allows you to dynamically customize the language of the message.
$subject
  The user's PingOne username or user ID.
$JSONValue
  A JSON utility class that can be used to escape text and convert objects to JSON.
  Methods include:
    • escape(String s) – Escape quotes, \, /, \r, \n, \b, \f, \t and other control characters (U+0000 through U+001F).
    • toJSONString(Object value) – Convert an object to JSON text.
CIBA request policy contract attributes
  Attributes that you add on the Extended Contract tab are available here using the $<name> syntax. For example, $currency.

The following example shows a variety of context parameters:
{
   "requestingApplicationName": "$JSONValue.escape($oobAuthRequestContext.requestingApplication.name)",
   "requestedScope": $JSONValue.toJSONString($oobAuthRequestContext.requestedScope.values()),
   "amount": "$JSONValue.escape($amount)",
   "alert.color": "red"
}

Lines that appear between #* and *# are comments. They are not evaluated or sent to PingOne.

The default value is a comment explaining the above.

Messages Files

Identifies the customizable language-pack file that the authenticator uses.

If you customize the language-pack file names in the /server/default/conf/template/language-packs directory, enter the new name here.

The default selection is pingone-mfa-messages.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with PingOne MFA or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 2000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.
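
Added example (not from the PingFederate documentation or product code): a Python sketch of why each value interpolated into the Client Context template is wrapped in $JSONValue.escape, with a heuristic check that lists $references left outside a $JSONValue call. json_escape is a stand-in written from the character list in the Client Context description; raw_references, render_name, parses and the sample values are hypothetical names and constructed data.

```python
import json
import re

# Stand-in for $JSONValue.escape, built from the character list in the field
# description (assumption: other control characters are emitted as \u00XX).
_SHORT = {'"': '\\"', '\\': '\\\\', '/': '\\/', '\r': '\\r', '\n': '\\n',
          '\b': '\\b', '\f': '\\f', '\t': '\\t'}
_CALL = re.compile(r'\$JSONValue\.\w+\(')
_REF = re.compile(r'\$[A-Za-z_][\w.]*')

def json_escape(s):
    return ''.join(_SHORT.get(c) or (f'\\u{ord(c):04x}' if ord(c) < 0x20 else c)
                   for c in s)

def raw_references(template):
    """List $references that sit outside any $JSONValue.<method>(...) call."""
    text = re.sub(r'#\*.*?\*#', '', template, flags=re.S)  # #* ... *# comments
    found, i = [], 0
    while i < len(text):
        call, ref = _CALL.match(text, i), _REF.match(text, i)
        if call:  # skip the whole call, tracking nested parentheses
            depth, i = 1, call.end()
            while i < len(text) and depth:
                depth += {'(': 1, ')': -1}.get(text[i], 0)
                i += 1
        elif ref:
            found.append(ref.group())
            i = ref.end()
        else:
            i += 1
    return found

def render_name(name, escape):
    # Mimics interpolating one value into a quoted JSON string.
    return '{"requestingApplicationName": "%s"}' % (json_escape(name) if escape else name)

def parses(doc):
    try:
        json.loads(doc)
        return True
    except json.JSONDecodeError:
        return False

# Constructed sample inputs, not taken from a real deployment.
APP_NAME = 'Acme "Pay"\nCheckout'
TEMPLATE = '''#* constructed Client Context *#
{
   "requestingApplicationName": "$JSONValue.escape($oobAuthRequestContext.requestingApplication.name)",
   "amount": "$amount"
}'''
```

With these inputs, the unescaped rendering of APP_NAME is not valid JSON, the escaped rendering round-trips to the original string, and raw_references flags only the unwrapped $amount.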