The FIDO2 authentication method is only available for PingID accounts that have been integrated into a PingOne environment.

The FIDO2 authentication method replaces the deprecated FIDO biometrics and security key authentication methods and offers expanded configuration options and support for a wide range of FIDO authentication devices, including cloud-synced FIDO devices.

If you have already integrated your PingID account with a PingOne environment, update it to use the enhanced FIDO2 policy.

  • Updating to FIDO2 permanently inactivates the legacy FIDO2 biometrics and Security Key authentication methods and cannot be undone. Note that at this stage, the FIDO2 authentication method cannot be used with DaVinci-based flows.
  • After updating a PingID account to use the FIDO2 authentication method it is no longer possible to unlink the PingID account from the PingOne environment. Deleting the PingOne environment will also delete the possible to unlink the PingID account.
  1. Sign on to the Admin portal and go to Setup > PingID > Configuration
    After your PingID account is successfully integrated into a PingOne environment in the Alternate Authentication Methods section, you'll see a new entry for the FIDO2 authentication method.
  2. In the Alternate Authentication Methods section, in the FIDO2 row, make sure the Enable and Pairing check boxes are selected.
    Note: If you previously enabled Security Key or FIDO2 Biometrics authentication methods, those options are greyed out. These authentication options are removed and become legacy when you save the configuration changes.

    Screen Capture of the Alternate Authentication Methods section of the Configuration tab, showing the FIDO2 authentication method check boxes selected, and the Security Key and FIDO2 Biometrics check boxes greyed out
  3. Click Save. You'll see the following warning message:
    Screen capture of a warning message that states "Saving this configuration activates the new FIDO2 authentication method and permanently inactivates the legacy FIDO2 Biometrics and Security Key authentication methods. This change cannot be undone". There is a Save button and a Discard button

All Security Key or FIDO2 Biometrics authentication methods and associated configurations are upgraded to the FIDO2 authentication method.

In PingOne, the FIDO2 policy shows the full range of options available, as well as the default Passkey and Security Key policies. To learn more about FIDO2 policy configuration, see Creating a FIDO policy in the PingOne Cloud Platform documentation.