To use PingID multi-factor authentication (MFA) for VPN authentication, you must install the PingID Integration Kit.
Before you install the PingID Integration Kit:
- Register for the PingID Enterprise service on PingOne.
- Configure the PingID service and download the PingID properties file (see Managing the PingID properties file).
- Ensure you have installed the relevant PingFederate version as follows:
- Beginning with PingID Integration Kit 2.11, PingFederate 10.0 or later is required
- Beginning with PingID Integration Kit 2.10, PingFederate 9.3 or later is required
- Beginning with PingID Integration Kit 2.6, PingFederate 9.2 or later is required
- Beginning with PingID Integration Kit 1.4, PingFederate 8.4 or later is required
- PingID Integration Kit 1.3 or earlier: requires PingFederate 8.3 or earlier (minimum supported version PingFederate 7.3)
- Ensure you have network access to your PingFederate installation.
- Ensure you have administrator permissions on PingFederate.
- Open ports:
- 443 (outbound to Internet)
- 1812 (UDP, to/from RADIUS clients)Note:
Port 1812 is required only if you plan on using the password credential validator (PCV) for RADIUS. This is the default port for RADIUS, but you also have the option of setting a different port number for the RADIUS client and RADIUS PCV. To change the port for the PCV, use the RADIUS Server Authentication Port option.
For further details about required web access, see PingID required domains, URLs, and ports.
The PingID Integration Kit is bundled as part of PingFederate 8.2 and later. If you have installed a recent version of PingFederate, no further action is required.
If you are doing any of the following, you'll need to install the integration kit manually:
- Using an earlier version of PingFederate.
- Updating the PingID Integration Kit.
- Installing the optional PingID offline MFA feature. PingID offline MFA requires that
device information be stored on the user directory for retrieval when PingID cloud
service is offline. If your organization requires the PingID offline MFA feature,
configure the user directory. For more information, see User directory for PingID offline MFA.Note:For more information about offline MFA, see PingID Offline MFA.
- PingID Integration Kit 2.0 and later is required for PingID offline MFA.
- The setup of the prerequisite user directory for PingID offline MFA should be implemented before you stop the PingFederate server for deployment of the upgrade.