Pairing your device with PingID - PingID

What is pairing and why do I need to do it?

PingID lets you use a device or authentication method to sign on to your company services and applications with the added security of multi-factor authentication (MFA). Before you can authenticate, you must pair or connect the device or authentication method you want to use to authenticate with PingID.

The pairing process varies depending on the type of device you want to use. For example, when pairing the PingID mobile app, your company will give you a QR code or pairing key that you can scan or enter into the PingID mobile app to complete the pairing process. If you're pairing a device that uses biometrics, you might be asked to scan your face or fingerprint.

After your device is paired, you can use it to authenticate to any service that your company protects using PingID and access your resources securely.

Below is an example of the pairing process for the PingID mobile app:

1. The user with PingFederate or PingOne as their identity provider (IdP) signs on to a service provider’s (SP) resource. The IdP validates the credentials, and if confirmed, sends a request to the PingID server to create the user and to later authenticate them. The user is prompted to install the PingID mobile app. The PingID server returns a QR code as well as an optional pairing key (13-digit number).
2. The user downloads the PingID mobile app, opens the app, and scans the pairing key QR code (or enters the 13-digit pairing key). The PingID mobile app initiates the pairing process and sends the pairing key to the PingID server with a unique device fingerprint.
3. The PingID server initiates a test out-of-band authentication (OOBA) and sends a pairing push notification to the mobile notification server (Apple APNS or Google FCM).
   Note:

   If the user ignores (or denies) the authentication, PingID still pairs the device.

4. The PingID mobile app receives the notification sent by the mobile notification server.
5. The PingID mobile app sends the PingID server a test request in order to test the established trust components, enabling a security handshake between the app and the server. If all trust components are valid and the device meets the organization’s requirements, the server updates the user’s profile.
6. The PingID server finalizes the pairing process with a success server response message that the device is paired. The PingID mobile app then shows the one-time passcode (OTP) screen to the user.
7. The PingID server triggers a first authentication request that is sent to the user’s mobile device as part of the authentication flow.

Which devices or authentication methods can I pair with PingID?

You can pair various devices, such as the PingID mobile app, an authenticator app like Google Authenticator, or a security key, with PingID.

You can see a list of authentication methods that can be paired with PingID here.

The authentication methods available to you are defined by your company, so some of the methods listed might not be available to you. If you want to know the full list available for your organization, contact your organization's help desk.

I already paired a device with PingID

If you have more than one device paired with PingID, you should be able to pair additional devices in the following situations yourself without needing to contact your help desk.

• My device was lost or stolen
• I want to transfer the PingID mobile app from my old mobile to a new device
• I want to pair an additional device or add an authentication method
• I forgot my device or left it at home

I want to pair a device or authentication method for the first time

The pairing process varies slightly depending on the device or authentication method you want to use and the resource you want to access (account or app through a web browser, your VPN, your Windows machine, or your Mac machine).

Find the authentication method that you want to pair in the following table, and then click the link for the resource you want to access.