The list of authentication actions that you can choose to enforce within a policy rule is determined by the authentication methods allowed at the policy level.
Authentication Action | Description | |
---|---|---|
Approve |
Approves access without requiring PingID authentication.
Note: This rule
action cannot be used in a PingFederate passwordless flow, because at least one factor
authentication is required to use the Approve
action. |
|
Authenticate |
Allows a user to authenticate using any of the authentication methods available to the user and allowed at the policy level. Note:
If a user has a mobile app with both biometrics and swipe capabilities, biometrics authentication is given priority. |
|
Authenticator app |
Allows a user to authenticate using an authenticator app only, such as Google authenticator. |
|
Deny |
Denies access. |
|
Desktop |
Allows a user to authenticate using a desktop app only. |
|
|
Allows a user to authenticate using an email app only. |
|
FIDO2 Biometrics |
Allows a user to authenticate using device built in biometrics on a FIDO2 biometrics device. This option is only available for web-based policies. |
|
Mobile App Biometrics |
Allows a user to authenticate with the PingID mobile app using biometrics authentication only. This action works according to the biometrics configuration defined in the admin portal. Swipe authentication is also permitted if the following conditions are met:
Note:
A one-time passcode fallback is also permitted when selecting this option. |
|
DEPRECATED: Fingerprint (with fallback) |
|
|
Number matching |
Authenticate by number matching is permitted.
|
|
Oath Token |
Allows a user to authenticate using an OATH token only. |
|
One-time passcode |
One-time passcode (required) |
Allows a user to authenticate using a OTP obtained from the PingID mobile app only. |
DEPRECATED: One-time passcode (with fallback) |
|
|
SMS |
Allows a user to authenticate using a passcode obtained by SMS only. |
|
Security Key |
Allows a user to authenticate using a security key only. This option is only available for web-based policies. |
|
Swipe |
Swipe (required) |
Allows a user to authenticate using the PingID mobile app swipe action only. Note:
A OTP fallback is also possible when selecting this option. |
DEPRECATED: Swipe (with fallback) |
|
|
Voice |
Allows a user to authenticate using a passcode obtained by a voice message only. |
|
YubiKey |
Allows a user to authenticate using a YubiKey only. |