Authentication flow

Page created: 14 Jun 2021 |

Page updated: 8 Feb 2022

| 1 min read

RSA SecurID Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

When using the RSA SecurID IdP Adapter through the PingFederate authentication API, the following flow is used for multi-factor authentication (MFA) requests. This is initiated in the web browser.

Flowchart showing the RSA SecurID authentication flow between the User, API Client and PingFederate.

If the user uses SecurID Adapter as second-factor authentication, the user must complete first-factor authentication before progressing to the SecurID Adapter.
The status of SECURID_CREDENTIAL_REQUIRED is returned.
The API client displays the information returned by PingFederate.
The user enters the corresponding SecurID credential.
The API client invokes the checkCredential action.
One of the following situations occurs:
- Authentication succeeded and PingFederate returns the subject to the API Client.
- The status of SECURID_NEXT_TOKENCODE_REQUIRED is returned.
  - User status is `Next Tokencode required` in RSA SecurID.
  - The API client notifies the user next tokencode is required.
  - The user enters tokencode.
  - The API client invokes the checkNextTokencode action.
  - Authentication succeeded and PingFederate returns the subject to the API Client.