PingID support for FIDO2 Security Keys extended to Windows login

FIDO2 and U2F compatible security keys enable relying parties to offer a strong cryptographic second factor option for end user security, and to take advantage of the security benefits of FIDO2 technology. PingID now supports FIDO2 and U2F security keys for authentication with Windows login.

See (Legacy) Configuring the FIDO2 security key for PingID, in the PingID Admin Guide and Using a security key (FIDO2) for authentication in the PingID User Guide.

Support for Windows Login authentication when using multiple domains

You can now enable support for multiple domains. When enabled, this feature allows users to log in to a domain that was not specified during installation.

Resolved issues

Ticket ID Description
PID-6263 Fixed an issue that was forcing case sensitive login when logging on to Windows login via RDP using offline authentication flow.
PID-7639 Fixed an issue that was causing Windows login to count a single failed login attempt as two failed login attempts.

Known issues and limitations

Authentication via security key not permitted for Window Login via RDP
It is not possible to authenticate with a security key when accessing Windows Login via Remote Desktop, due to current limitations with FIDO2.
Trust domain relationship failure may prevent login to Windows

In the event of a trust domain relationships failure, in some cases, after successful second factor authentication, the user may see an ERROR_TRUSTED_RELATIONSHIP_FAILURE error and may not be able to access their account.

Second factor authentication with PingID for Windows Hello
Microsoft does not currently support the addition of second factor authentication when using the Windows Hello biometric login flow.
  • For PingID for Windows Login v2.2 integration and higher, if Windows Hello biometric authentication is enabled, users can either:
    • Log in using Windows Hello biometric authentication only.
    • Authenticate with their username and password. When authenticating with username and password, PingID can be used for second factor authentication.
  • PingID for Windows Login v2.1 and lower does not support authentication with Windows Hello when Windows Hello is in biometrics mode.