PingID for Azure AD enables multi-factor enrollment and authentication capabilities for users who are authenticating using Azure Active Directory. PingID's detailed and flexible access policies also allow for the extension of the conditional access policies defined in Azure AD.

The following figure demonstrates a typical user flow.

  1. The user attempts to login to an application using their credentials. Their credentials are validated against Azure Active Directory.
  2. Azure evaluates the Conditional Access Policy, which indicates that a PingID custom control is protecting the application.
  3. Azure redirects the user to the PingID service to perform multi-factor authentication.
  4. PingID performs multi-factor authentication using the configured authentication method (e.g., Swipe, Mobile App Biometrics, YubiKey, etc.). Once the user has successfully authenticated, PingID returns a response to Azure indicating a successful completion of multi-factor authentication for that user.
  5. Once all the Conditional Access Policy conditions are evaluated and complete, Azure authorizes the user's access to the target application.