If your MFA policy includes FIDO biometrics or security key authentication methods, you'll be asked to update your FIDO policy to the enhanced FIDO2 policy.
- FIDO2 authentication is supported in PingOne MFA and PingOne DaVinci.
- In a future version, PingFederate Integration Kit for PingOne MFA will also support the FIDO2 authentication method. Until support is added, if you are using the PingFederate Integration Kit, do not update your MFA policy to use the FIDO2 authentication method.
- When updating your MFA policies to support the FIDO2 authentication method, you
must also update:
- All scripts that include the deprecated FIDO Biometrics and Security Key authentication methods.
- All PingOne DaVinci flows that include the PingOne MFA Connector, and use the deprecated FIDO Biometrics and Security Key authentication methods.
If you have integrated an existing PingID account with your PingOne environment, after updating FIDO devices to use the FIDO2 authentication method it is not possible to unlink the PingID account. Deleting the PingOne environment will also delete the PingID account.
As of June 20th 2023, FIDO biometrics and Security Key authentication methods are being phased out.
The FIDO2 authentication method replaces the deprecated FIDO biometrics and security key authentication methods and offers an expanded range of configurations and support for a wide range of FIDO authentication devices, including cloud-synced FIDO devices.
If your MFA policy references a FIDO policy with the deprecated authentication methods, you'll see a notice in the MFA page asking you to update the policy.
If you see this notice, follow these instructions to update your policy.
- Updating the MFA policies to use the new FIDO2 authentication method inactivates the deprecated FIDO biometrics and security key authentication methods.
-
After updating MFA policies to the new FIDO2 authentication method, the Allow Pairing checkbox is selected by default.