Configure FIDO2 security key for PingID authentication. FIDO2 and U2F-compatible security keys enable relying parties to offer a strong cryptographic authentication option for end user security.
You can use a security key hardware authenticator to cover many use cases, including those of sensitive environments or users working in environments with limited device or phone access, such as hospitals, financial institutions, or federal buildings.
FIDO2 security keys are fully backward compatible with U2F, enabling PingID to support both FIDO2 and U2F security keys.
When security key authentication is enabled, the user registers the security key and pairs it with their PingID account. This creates a trust between the security key and the user's account, so they can use the security key to authenticate during the sign-on process.
Use security keys for web-based authentication through WebAuthn-supporting browsers only.
Passwordless security key
You can configure a PingFederate policy to allow users to authenticate with their security key as first-factor authentication, eliminating the need to enter a username or password, and providing a frictionless and secure sign-on experience.
- (Legacy) Configuring security key authentication with Resident Key set to Required.
- Configure a PingFederate policy for passwordless authentication with a security key (see (Legacy) Configuring a PingFederate policy for passwordless authentication with a security key).
For information about security key requirements and limitations, see (Legacy) Security key authentication requirements and limitations.
The process of registering a security key is the same for both passwordless and secondary authentication flows. The user is directed to the relevant flow, according to your organization’s configuration. Once registered, the same security key can be used to authenticate via either flow (see Setting up your security key in the PingID User Guide).
Manual authentication with a FIDO2 security key
- FIDO2 security key for manual authentication is supported by PingID Integration for Windows login 2.3 or later.
- U2F security key for manual authentication is only supported by PingID Integration for Windows login 2.3 - 2.7.x.