Multiple access mode is supported from the following software versions:

  • PingFederate 9.2 or later
  • PingID Integration Kit 2.6 (PingID Adapter 2.5)
  1. Configure PingFederate to determine whether the accessing device is organization-owned, and whether it is a private or shared device. Choose from the following methods to obtain this information.
  2. Configure multiple access mode.
    1. Download the PingID properties file. For more information, see Managing the PingID properties file for PingFederate.
    2. Create an HTML form adapter instance. Refer to HTML Form Adapter and Configure an HTML Form Adapter instance in the PingFederate admin guide. Make sure that:
      • Session State is set to None.
      • Enable 'This is my device' box is selected.
    3. Configure authentication sessions for the HTML Form Adapter. For more information, see Configure authentication sessions.
    4. Create a PingID adapter instance. For more information, see Configuring a PingFederate policy for secondary authentication. Make sure that:
      • Type is set to PingID Adapter 2.5 or later, to support multiple access mode.

      The multiple access mode capability requires PingFederate Authentication Policies rather than the Composite adapter:

      • Create an Authentication Policy Contract (APC). For more information, see Policy contracts.
      • Create an authentication policy for the PingID adapter. For more information, see Policies.

The following table summarizes the main flows, based on the attributes of the accessing device. These attributes are assessed to determine the use case, and whether the device is organization-owned, single or multi-user, or whether these attributes are unknown:

Accessing device attributes Process flow
Use case scenario Organization-owned device Single/Multiple user device HTML login form presents 'This is my device' checkbox Session information saved

Private accessing device: Each access device is organization-owned, and assigned to only one user.


Single user



Shared accessing device: Access devices are organization-owned, and each device is identifiable before login at access time, as a multiple-user shared device.


Multiple users



Unknown accessing device: Access is permissible from devices whose status as a single-user or multi-user device is not identifiable before login at access time.

These devices may also be either organization-owned privately owned.

Since PingFederate cannot determine whether the access device is private or shared, the user is prompted at login to indicate the device status.

In this use case, the behavior is identical regardless of whether or not the access device is organization-owned.

Unknown whether single or multiple user device, when PingFederate presents the HTML login form


Depends on the user's response:

  • Yes:

    If the user checks 'This is my device'.

  • No:

    If the user leaves 'This is my device' unchecked.