You must have:

  • FIDO2 capable Security Key

    The example below leverages Yubikey 5.

  • PingID Adapter 2.8.
  • A browser that supports WebAuthn.
  • PingFederate 10.2 or later, which provides native support for adding a passwordless authentication flow icon for the HTML Form Adapter along with only showing the Security Key button on the HTML Form when the browser in use supports WebAuthn.

This document makes the following assumptions:

  • The organization has a functioning HTML Form IdP Adapter that passwordless authentication processes can be added to.
  • A new PingFederate authentication policy is being built as opposed to adding to an existing authentication policy, which should also be possible.
  • The authentication policy built within the example is at a global level as opposed to an application-specific one. An admin determines the authentication flow that will be best suited for passwordless experience.

As of this writing, Firefox for Mac does not support PIN code user verification, resulting in the registered security key that has an associated PIN not being recognized.