Before configuring PingID for passwordless authentication, make sure you:

To use PingID as a passwordless authentication solution for federated single sign-on (SSO) with PingFederate, in PingFederate you'll need to:

  • Create an authentication policy contract.
  • Create a local identity profile and associate it with the HTML Form Adapter instance.
  • Create an authentication policy.
  1. Create a PingFederate authentication policy for passwordless authentication using a security key (see also Policies):
    1. Go to Policies:
      • PingFederate 10.1 and higher: Click Authentication, and then click Policies.
      • PingFederate 10 and lower: In the Identity Provider tab, under Authentication Policies, click Policies.
    2. In the Policies tab, ensure the IdP Authentication Policies check box is selected, and then click Add Policy.
    3. In the Name field, enter a meaningful name for the authentication policy.
    4. In the Policy dropdown, select IdP Adapters and then select the HTML Form Adapter. A branch for the HTML Form Adapter is added to the PingFederate policy tree, and FAIL/SUCCESS fields are added.
    5. Directly under the HTML Form Adapter field, click Rules. In the Rules popup window, enter the following information, and then click Done:
      • Attribute Name: Select policy.action.
      • Condition: Select equal to (case insensitive).
      • Value: Type Security Key as your authentication source.
      • Result: Type Security Key as your authentication source.
      • Select the Default to success check box.

      A Security Key branch is added to the PingFederate policy tree.

    6. In the HTML Form Adapter branch FAIL field, click Done.
    7. In the HTML Form Adapter branch Security Key field dropdown list, select IdP Adapters, and then select the PingID Adapter. SUCCESS and FAIL fields are added to the Security Key branch.
      1. Under the Security Key branch FAIL field, click Done.
      2. In the Security Key branch SUCCESS field dropdown list, select the endpoint you require. For example:
    8. In the HTML Form Adapter branch SUCCESS field dropdown list, select the action that you want to apply and configure it appropriately. For example:
      • If configuring the PingID Adapter (recommended), do the following:
        1. In the SUCCESS branch dropdown list, select IdP Adapters and then select PingID Adapter. SUCCESS and FAIL fields are added to the branch.
        2. Under the PingID Adapter FAIL field, click Done.
        3. In the PingID Adapter SUCCESS field, select the local identity profile you created earlier.
        4. Under the local identity profile click Local Identity Mapping and complete the relevant mapping with the PingID Adapter (see also Configuring contract mapping).
          Note: For a list of attributes that can be used upon successful authentication with PingID, see PingID authentication attributes.
        5. Under the PingID Adapter entry, click Options and specify the following fields:
          • Source: HTML Form Adapter
          • Attribute: Username
          • Make sure the User ID Authenticated check box is selected.
      • If configuring a local identity profile:
        1. In the SUCCESS branch dropdown list, select the Local Identity Profiles, and then select the local identity profile that you created earlier.
        2. Directly under the HTML Form Adapter branch SUCCESS field, click Local Identity Mapping, complete the relevant mapping from your source to the local identity contract (see Configuring local identity mapping), and then click Done.
  2. Save the PingFederate policy.
  3. Add any further configurations, for example:
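
Returning to the policy tree built in step 1: the following sketch is an added example, not Ping Identity code and not part of the original procedure. It models the tree so you can check which branch a request follows and confirm that every FAIL branch ends in Done. The dictionary layout, the `route` and `check_tree` helpers, and the placeholder endpoint names are assumptions made for illustration; it is not PingFederate's export format or API.

```python
# Added illustration: a simplified, hypothetical model of the policy tree from
# step 1. It is not PingFederate's export format or API.
DONE = "Done"
ENDPOINT = "<endpoint selected for the Security Key branch>"  # placeholder
PROFILE = "<local identity profile>"                          # placeholder

def pingid(success_target):
    """A PingID Adapter node: FAIL ends in Done, SUCCESS goes to the target."""
    return {"source": "PingID Adapter", "rules": [], "default_to_success": True,
            "branches": {"FAIL": DONE, "SUCCESS": success_target}}

TREE = {
    "source": "HTML Form Adapter",
    # Rule from step 5; the condition is "equal to (case insensitive)".
    "rules": [{"attribute": "policy.action", "value": "Security Key",
               "result": "Security Key"}],
    "default_to_success": True,
    "branches": {"FAIL": DONE, "Security Key": pingid(ENDPOINT),
                 "SUCCESS": pingid(PROFILE)},
}

def route(node, results, attributes):
    """Walk the tree. results: one True/False per authentication source reached;
    attributes: values the source returned (assumed to be visible to its rules)."""
    path, results = [], iter(results)
    while isinstance(node, dict):
        if not next(results):
            branch = "FAIL"
        else:
            hits = [r["result"] for r in node["rules"]
                    if attributes.get(r["attribute"], "").lower() == r["value"].lower()]
            # No rule matched: the "Default to success" check box decides.
            branch = hits[0] if hits else ("SUCCESS" if node["default_to_success"] else "FAIL")
        path += [node["source"], branch]
        node = node["branches"][branch]
    return path + [node]

def check_tree(node, where="root"):
    """List problems: FAIL branches not ending in Done, rule results with no branch."""
    problems = []
    if node["branches"].get("FAIL") != DONE:
        problems.append(f"{where}: FAIL does not end in Done")
    for rule in node["rules"]:
        if rule["result"] not in node["branches"]:
            problems.append(f"{where}: rule result {rule['result']!r} has no branch")
    for name, child in node["branches"].items():
        if isinstance(child, dict):
            problems += check_tree(child, f"{where}/{name}")
    return problems

if __name__ == "__main__":
    print(route(TREE, [True, True], {"policy.action": "security key"}))
    print(check_tree(TREE))
```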