Configuring pushless and TOTP MFA for a mobile application - PingOne Cloud Platform - PingOne


A sign-on policy dictates how the user's identity will be verified when signing on to the system.

Configuring pushless and TOTP MFA for a mobile application using the admin console

  1. Go to Authentication > MFA.
  2. Locate your MFA policy and click the entry to open the details panel.
  3. Click the Pencil icon to enter edit mode.
  4. In Allowed Available Methods > Mobile Applications, click + Application.
  5. In OTP & Push, select one of the following options:
    • OTP: TOTP is enabled and Push is disabled.
    • Push (default): Push is enabled and TOTP is disabled.
    • OTP & Push: TOTP and Push are enabled.
  6. Click Save.

Configuring pushless and TOTP MFA for a mobile application using the API

Application developers can use the API operations to configure TOTP and pushless MFA using a mobile app. The applications parameter is an array of native applications, with additional configuration options for TOTP and pushless MFA.

For more information, see Creating a native app and creating a sign-on policy for a TOTP device.

  1. To update the sign-on policy's MFA action, set the applications parameter values using the PUT operation.
  2. To configure the push and one-time passcode (OTP) options to determine the authentication method, set:
    • push.enabled = true and otp.enabled = true for both Push and TOTP
    • push.enabled = true and otp.enabled = false for Push only
    • push.enabled = false and otp.enabled = true for TOTP only
    Note: If you do not create push credentials, only OTP is available.

    The complete PUT operation should look like the following:

    PUT https://api.pingone.com/v1/environments/{{envId}}/signOnPolicies/{{policyId}}/actions/{{mfaActionId}}
    {
        "priority": 1,
        "type": "MULTI_FACTOR_AUTHENTICATION",
        "sms": {
            "enabled": true
        },
        "email": {
            "enabled": true
        },
        "applications": [
            {
                "id": "{{nativeAppId}}",
                "autoEnrollment": {
                    "enabled": true,
                    "noDevicesMode": "BYPASS"
                },
                "deviceAuthorization": {
                    "enabled": true,
                    "extraVerification": "permissive"
                },
                "push": {
                    "enabled": true
                },
                "otp": {
                    "enabled": true
                }
            }
        ]
    }
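
The following Python helper is an added example, not part of the PingOne documentation. It sets the push.enabled and otp.enabled pair for one application while leaving every other field of the action intact for the PUT, and reports which method each application's flags select so a policy can be reviewed. The function names, the sample application ids and the Bearer authorization header are assumptions; the request is built but never sent.

```python
import copy
import json
import urllib.request

# Flag pairs (push.enabled, otp.enabled) from the API steps; names from the console options.
MODES = {"OTP & Push": (True, True), "Push": (True, False), "OTP": (False, True)}

def set_app_mode(action, app_id, mode):
    """Return a copy of the MFA action with push/otp set for one application only."""
    push, otp = MODES[mode]  # KeyError on a mode the page does not list
    updated = copy.deepcopy(action)  # keep every other field for the full-body PUT
    for app in updated.get("applications", []):
        if app.get("id") == app_id:
            app["push"], app["otp"] = {"enabled": push}, {"enabled": otp}
            return updated
    raise LookupError(f"{app_id} is not in the action's applications array")

def describe_modes(action):
    """Map each application id to the method its flags select, for policy review."""
    names = {flags: name for name, flags in MODES.items()}
    report = {}
    for app in action.get("applications", []):
        if "push" not in app or "otp" not in app:
            report[app["id"]] = "unspecified"  # do not guess a server-side default
            continue
        flags = (app["push"].get("enabled") is True, app["otp"].get("enabled") is True)
        report[app["id"]] = names.get(flags, "unlisted combination")
    return report

def build_put(env_id, policy_id, action_id, action, token):
    """Build (but do not send) the PUT request for the action endpoint shown above."""
    url = (f"https://api.pingone.com/v1/environments/{env_id}"
           f"/signOnPolicies/{policy_id}/actions/{action_id}")
    headers = {"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
    return urllib.request.Request(url, data=json.dumps(action).encode(),
                                  method="PUT", headers=headers)

# Constructed sample: ids are placeholders, not real PingOne identifiers.
SAMPLE_ACTION = {
    "priority": 1,
    "type": "MULTI_FACTOR_AUTHENTICATION",
    "applications": [
        {"id": "native-app-1",
         "autoEnrollment": {"enabled": True, "noDevicesMode": "BYPASS"},
         "push": {"enabled": True}, "otp": {"enabled": True}},
        {"id": "native-app-2"},
    ],
}

if __name__ == "__main__":
    otp_only = set_app_mode(SAMPLE_ACTION, "native-app-1", "OTP")
    print(describe_modes(SAMPLE_ACTION), describe_modes(otp_only))
```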