The PingID SDK adapter for PingFederate is an out-of-the-box integration between PingID SDK and PingFederate user authentication flow and adapter chain that permits the option to replace the customer server with PingFederate.
PingID SDK is a mobile SDK for support of PingID multi-factor authentication (MFA) for customer use cases on organizations' own mobile applications. The basic implementation of PingID SDK requires the organization to set up a customer server.
The PingID SDK adapter for PingFederate permits the option to replace the customer server with PingFederate in several use cases.
- PingID SDK adapter for PingFederate contains the pingid.sdk.status attribute. When an authentication flow using the PingID SDK adapter for PingFederate is successful, pingid.sdk.status provides additional information that can be used for determining user permission levels.
- PingID SDK adapter includes customizable pages that are presented to the user as part of the authentication flow.
There are several use cases in which the PingID SDK adapter for PingFederate can replace a customer server, for the purpose of pairing and authenticating a user.
- Automatic device registration (web view)
- Automatic mobile device registration when a user initiates a pairing process for a mobile device.
- Device authorization (web view)
- Seamless user sign-on to an already trusted mobile application which includes PingID mobile SDK
- QR code authentication
- User scanning a QR code with a trusted mobile device. The major objective of this approach is to permit secure passwordless authentication. The customer server does not need advance knowledge of who the user is (for example, first factor authentication is not required).
- Out of band / step up authentication from web
- MFA during user sign-on to a web application
- Out of band / step up authentication from mobile
- MFA during user sign-on to a non trusted mobile device, using the user's primary device for the approval process.
- Transaction approval
- Elevated security for a high value or high risk resource or service, within the particular context of an application, which requires authentication using a higher assurance credential than previously required for general access of the application.
- CIBA authenticator
- Out-of-band MFA using a trusted mobile device as a Client-Initiated Backchannel Authentication (CIBA) authenticator.
- PingFederate Authentication API
- Enables integration with the PingFederate Authentication API for end-user interactions, for step-up authentication and transaction approval. Additionally, it supports mobile device initiated flows such as mobile device registration and seamless device authorization.
For more information, see Supported PingID SDK adapter for PingFederate flows.