Enrolling a user authentication device - PingOne Cloud Platform - PingOne

PingOne Cloud Platform

bundle
pingone
ft:publication_title
PingOne Cloud Platform
Product_Version_ce
PingOne Cloud Platform
PingOne
category
Administratorguide
ContentType
Guide
Product
Productdocumentation
p1
p1cloudplatform
ContentType_ce
Product documentation
Guide > Administrator Guide
Guide

PingOne MFA authenticates a user by sending a notification to the user's authentication device and then receiving a corresponding response within a specified amount of time.

The permitted notification methods are configured in sign-on policies. For PingOne MFA to send notifications to a user, the user must have at least one authentication device associated with their user profile (also known as device pairing).

In a multi-factor authentication (MFA) environment, the default sign-on policy is a single step of MFA. A user who wants to sign on to the MyAccount UI must have an MFA device in advance, except for the admin, who can sign on to MyAccount from the admin console.

A user needs at least one associated device for PingOne MFA. In this example, your user's authentication device is an email address that receives a one-time passcode (OTP) each time PingOne MFA is triggered.

Enrolling a user authentication device using the admin console

  1. In a browser window, go to the MyAccount UI at https://apps.pingone.com/<envId>/myaccount/#mfa.
  2. At the sign-on prompt, enter the username and password.
    Note:

    For the purpose of this example getting started flow, you can use your admin account credentials.

  3. At the top of the page, click Authentication.
  4. Click Add Method.
  5. Click Email.
  6. Enter the email address that will receive OTP email notifications for PingOne MFA.

    An OTP email notification is sent to the email address.

  7. Click Next.
  8. To complete pairing the email address as an MFA authentication device with the user account, on the Email Pairing page, enter the OTP from the email notification.
  9. Click Next.

    The Your Authentication Methods list on the Authentication page shows the email address that you paired.

    Tip:

    For more information and additional configuration options, see Managing your PingOne user profile.

Trigger an MFA authentication request

Enrolling a user authentication device using the API

Application developers can use the API operations to enroll a user's authentication device.

Trigger an MFA authentication request