System requirements

  • Microsoft Active Directory running on Windows Server 2016 or higher
  • Users' computers must be running Windows 10 (64-bit) or Windows 11, and must support TPM 2.0.
    Note: If you have set the Resident Key option to Required for FIDO2 security keys, users do not require TPM on their computer in order to use the passwordless login, provided that they paired their keys after the setting was changed to Required. For more information on the Resident Key option, see (Legacy) Configuring the FIDO2 security key for PingID. Since TPM 2.0 provides a higher degree of security, the passwordless login for Windows will always use TPM for storage if the relevant computer has the necessary support.


  • Admin rights for the Domain Controller
  • A PingOne account
  • A PingID account
  • Users must have the PingID mobile app installed on their devices or a security key that can be used for authentication, and must have paired their device already.