These guidelines help you make effective use of the PingOne for Customers Passwordless solution in your environment.
Select a user journey that fits your users
The PingOne for Customers Passwordless solution includes two user journey options: offer passwordless and require passwordless.
Offer passwordless is appropriate for users who either sign on using a password or already have a passwordless authentication method. Users who already have a registered multi-factor authentication (MFA) device should have their MFA attribute enabled in their user profile in PingOne. Use this option if some of your users currently use passwords.
Require passwordless is appropriate for existing users who all use passwordless authentication or users of a new application. Use this option only if none of your users are using passwords, otherwise, an existing user with a password and no other authentication methods can't sign on.
Select an appropriate flow timeout
When you're configuring your DaVinci flows, you can set a timeout value for the flow as a whole. Because the user's account could be updated later by anyone with access to the device, a flow with a very long or indefinite timeout could be a security risk. Set a value that minimizes that risk.
Clone your flows before using or customizing them
Flows labeled 'OOTB' can be updated by PingOne when we publish flow updates. These updates are not applied automatically, but they add a new latest version to each flow.
By cloning the flows before you apply any customization or use them with customers, you prevent any of your changes or customizations from being accidentally overwritten.
Use caution when customizing flows
If you want to customize the flows in the PingOne for Customers Passwordless solution, do so carefully.
Clone the flows before making customizations so that:
- You can revert to the earlier versions if you encounter breaking changes.
- If you download an updated version of the solution, you don't overwrite your customizations.
Test your customizations in a test environment before importing them into your production environment. Because any additional nodes or flows you add are not part of the standard solution, you must test them to make sure that they're working as you intend.