When a user signs on, you can use PingOne Verify to verify a user's identity instead of, or in combination with, a standard multi-factor authentication (MFA) step.

For example, you might use PingOne MFA by default and only trigger PingOne Verify based on:

  • Frequency, such as annually
  • Group, such as for members of the "contractors" group
  • Account age, such as for accounts made in the last two months
  • Past verification, such as users that have never completed the verification process
  • Security risk, such as for users with a PingOne Risk risk evaluation of "MEDIUM" or "HIGH"

You can create these rules in your PingFederate authentication policy.


When a person registers a new user account, you can use PingOne Verify to verify their identity against a piece of government photo ID. By requiring identity verification, you can reduce the number of accounts created by bots, spammers, and imposters.