Field descriptions for the PingOne MFA CIBA Authenticator configuration tab.
Field | Description |
---|---|
PingOne Environment |
For PingFederate 10.2 and later. Select the PingOne connection that you created in Connecting PingFederate to PingOne. This field is blank by default. |
Environment ID |
For PingFederate 10.1 and earlier. The environment ID that you noted in Connecting PingFederate to PingOne. This field is blank by default. |
Region |
For PingFederate 10.1 and earlier. Determines the PingOne API that the adapter communicates with. Select the region that appears on PingOne. in |
Application Client ID |
The client ID that you noted in Creating an OIDC application in PingOne. This field is blank by default. |
Application Client Secret |
The client ID that you noted in Creating an OIDC application in PingOne. This field is blank by default. |
PingOne Authentication Policy | The name of a PingOne authentication policy that is designed
for CIBA. This overrides any policy named in the requested
authentication context. You can enter multiple policy names by separating them with a space. For example, employees contractors. These must all be "CIBA-only" policies. The adapter maps this value to the acr_values parameter of the PingOne OIDC request. When this field is blank, the adapter uses the value of the RequestedAuthnCtx parameter (for SAML SSO flows) or acr_values parameter (for OAuth flows) in the request. If those parameters are empty, PingOne uses the default authentication policy. This field is blank by default. |
Field | Description |
---|---|
Test Username | The PingOne username that the adapter uses to test the
PingOne MFA connection on the Actions
tab. Enter the username for a user that has a paired device and MFA enabled in PingOne. This field is blank by default. |
PingOne Template Name |
Determines the PingOne notification template used to show the CIBA request to the user. For example, if your CIBA notification template in PingOne is a "transaction" template variant called "ciba-purchases", enter transaction. The default value is |
PingOne Template Variant |
Note: Variants for PingOne notification templates are only
available through the PingOne API at
this time. Determines which version of the PingOne notification template used to show the
CIBA request to the user.For example, if your CIBA notification template in PingOne is a "transaction" template variant called "ciba-purchases", enter ciba-purchases. This field is blank by default. |
Client Context |
This optional field allows you to customize the information sent to PingOne with the CIBA request. While the CIBA prompt customizations allows you to customize the user-facing message, this field allows you to send additional information that can be used by the mobile application for your needs. In this field, you can use the following:
The following example shows a variety of context
parameters:
Lines that appear between The default value is a comment explaining the above. |
Messages Files |
Identifies the customizable language-pack file that the authenticator uses. If you customize the language-pack file names in the /server/default/conf/template/language-packs directory, enter the new name here. The default selection is |
API Request Timeout |
The amount of time in milliseconds that PingFederate allows when establishing a connection with PingOne MFA or waiting for a response to a request. A value of 0 disables the timeout. The default value is
|
Proxy Settings |
Defines proxy settings for outbound HTTP requests. The default value is System Defaults. |
Custom Proxy Host |
The proxy server hostname to use when Proxy Settings is set to Custom. This field is blank by default. |
Custom Proxy Port |
The proxy server port to use when Proxy Settings is set to Custom. This field is blank by default. |