PingID supports FIDO2 platform biometrics. Users can authenticate on their FIDO2-compatible accessing device using a gesture that is enabled by the device's built-in biometrics.
Supported devices include Windows Hello, iOS and iPadOS devices 14 and later, Android devices 7.0 and later, and Apple Mac machines with fingerprint authentication capabilities.
If a passwordless flow is configured, the passwordless flow is enabled by FIDO2 platform biometrics. For more information, see Configuring FIDO2 passwordless authentication.
PingID confirms with the authenticating browser that the device has the relevant WebAuthn FIDO2 capabilities. If the capabilities are not sufficient, for example because the browser is not supported, the OS does not support biometric authentication, or a compatible authentication method is not defined, the user will be unable to authenticate with the FIDO2 biometrics device and might be unable to authenticate at all if that is their only authenticating device.
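The browser-side part of such a capability check can be illustrated with the standard WebAuthn API call `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()`. This is an added example, not PingID code; the function names, the `env` parameter, and the reason strings are assumptions made for illustration.

```javascript
// Added example (not PingID code). Names and reason strings are illustrative.

// Pure decision step: map what the browser reported to a result.
function classifyPlatformSupport(probe) {
  if (!probe.secureContext) {
    // WebAuthn is only exposed to pages in a secure context (HTTPS).
    return { ok: false, reason: "insecure-context" };
  }
  if (!probe.hasWebAuthn || !probe.hasPlatformCheck) {
    return { ok: false, reason: "browser-unsupported" };
  }
  if (!probe.platformAuthenticator) {
    // OS or device has no user-verifying (biometric/PIN) authenticator ready.
    return { ok: false, reason: "no-platform-authenticator" };
  }
  return { ok: true, reason: "available" };
}

// Probe the browser. `env` defaults to the page's globals; it is a parameter
// only so the logic can be exercised with constructed stubs.
async function checkPlatformBiometrics(env = globalThis) {
  const pkc = env.PublicKeyCredential;
  const hasPlatformCheck =
    typeof pkc?.isUserVerifyingPlatformAuthenticatorAvailable === "function";
  let platformAuthenticator = false;
  if (env.isSecureContext === true && hasPlatformCheck) {
    try {
      platformAuthenticator =
        (await pkc.isUserVerifyingPlatformAuthenticatorAvailable()) === true;
    } catch {
      platformAuthenticator = false; // fail closed on an API error
    }
  }
  return classifyPlatformSupport({
    secureContext: env.isSecureContext === true,
    hasWebAuthn: pkc !== undefined,
    hasPlatformCheck,
    platformAuthenticator,
  });
}
```

Running the check before the sign-on prompt lets the page steer a user whose device fails it toward another paired method instead of a dead end. It cannot detect the server-side case where no compatible authentication method is defined.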
To enable users to authenticate using FIDO2 platform biometrics, the high-level flow is as follows:
- In the Admin portal, enable FIDO2 platform biometrics.
For more information, see Configuring FIDO2 passwordless authentication or Configuring FIDO2 biometrics for MFA authentication.
- Optional: If required, define a PingID policy.
For more information, see Authentication policy.
- Have the user register their FIDO2 biometrics device and pair it with their PingID account to create a trust between the device and the user's account, so they can use it to authenticate during the sign-on process.