Enter these setting in PingFederate to configure multiple access mode.
Multiple access mode is supported from the following software versions:
- PingFederate 9.2 or later
- PingID Integration Kit 2.6 (PingID Adapter 2.5)
-
Configure PingFederate to
determine whether the accessing device is organization-owned, and whether it is
a private or shared device. Choose from the following methods to obtain this
information.
- Reference the source IP address. For more information, see Configure the CIDR Authentication Selector.
- Inspect the global HTTP header. For more information, see Configure the HTTP Header Authentication Selector.
- Information returned by a mobile device management (MDM) system. Refer
to the documentation for the following MDM Integration Kits available for
PingFederate:
- MobileIron: Configuring MobileIron for PingID MDM integration
- Workspace ONE UEM (formerly known as AirWatch): Configuring Workspace ONE UEM for PingID MDM integration
- Inspect the distinguished name (DN) of the accessing device.
-
Configure multiple access mode.
The following table summarizes the main flows, based on the attributes of the accessing device. These attributes are assessed to determine the use case, and whether the device is organization-owned, single or multi-user, or whether these attributes are unknown:
Accessing device attributes | Process flow | |||
---|---|---|---|---|
Use case scenario | Organization-owned device | Single/Multiple user device | HTML login form presents 'This is my device' checkbox | Session information saved |
Private accessing device: Each access device is organization-owned, and assigned to only one user. |
Yes |
Single user |
No |
Yes |
Shared accessing device: Access devices are organization-owned, and each device is identifiable before login at access time, as a multiple-user shared device. |
Yes |
Multiple users |
No |
No |
Unknown accessing device: Access is permissible from devices whose status as a single-user or multi-user device is not identifiable before login at access time. These devices may also be either organization-owned privately owned. Since PingFederate cannot determine whether the access device is private or shared, the user is prompted at login to indicate the device status. |
In this use case, the behavior is identical regardless of whether or not the access device is organization-owned. |
Unknown whether single or multiple user device, when PingFederate presents the HTML login form |
Yes |
Depends on the user's response:
|