The following diagram shows a general authentication flow. The actual configuration varies depending on your organizational infrastructure considerations and policies.

Flowchart showing a typical authentication flow, as described in the topic text.
  1. A user opens their IPSec or SSL VPN sign on window and enters a user name and password.
  2. The VPN RADIUS client sends their details to the RADIUS Server on PingFederate.
  3. PingFederate authenticates the user’s credentials using the LDAP server as first-factor authentication.
  4. After LDAP authentication approval, the RADIUS server initiates a second authentication using PingID, and the user receives a push notification to the relevant device, such as the PingID mobile app or a YubiKey.
  5. The user approves the push notification or responds by entering a one-time passcode (OTP).
  6. The PingID cloud service verifies the response and sends it back to the RADIUS server.
  7. The RADIUS server returns a response to the VPN. If authentication is denied or an error occurs, the user receives an error message on their VPN window.

To configure PingID VPN integration, complete the following:

  1. Install the PingID Integration Kit in PingFederate.
  2. Configure the RADIUS server settings in PingFederate.

    For more information, see Configuring a RADIUS server on PingFederate.

  3. Configure your VPN client settings.