From your PingOne user profile you can add, rename, or delete one or more authentication methods. You can also define your default authentication method.
To enable users with more than one authentication method to define a default multi-factor authentication (MFA) method, you must enable the User-selected default option. See Configuring MFA settings.
A user might not be able to use their default device for various reasons, such as:
- If a user tries to authenticate from a mobile device and device authorization is allowed, then the device authorization occurs.
- If a user has a FIDO device with an active session, this device is used to authenticate the user even if the user changes their default device.
- If policy rules disallow the default device.
You can add different devices, such as a security key or phone biometrics for authentication. You can also add multiple authentication methods that use the same physical device. For example, you could set up MFA using SMS, voice, FIDO2 biometrics, and an authenticator app on a single mobile device. The devices available are defined by your organization.
You should add at least two MFA methods. The methods listed are defined by your administrator, and might vary between environments.