Multi-factor authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. Each piece of evidence must come from a different category: something they know, something they have, or something they are. Ping Identity provides a number of products and methods for configuring MFA.
Configuring MFA with PingID
PingID MFA is a strong authentication solution that allows you to authenticate to your app, application portal, or desktop machine using additional authentication methods, such as your mobile device, to enhance security and provide ease of access to your apps. For more information, see the following sections in the PingID End User Guide.
- PingID authentication for the web - You can use PingID as a second factor of authentication when accessing multiple web applications in your browser or mobile device.
- PingID authentication for VPN - You can use PingID as a second factor of authentication when accessing your VPN or any remote access clients that support the RADIUS protocol.
- PingID authentication for Windows login - Using a supported, paired device, you can use PingID to authenticate to your Windows machine using either passwordless or second-factor authentication.
- PingID authentication for Mac login - Using a supported, paired device, you can use PingID as a second factor of authentication when signing on to your Apple Mac machine.
Configuring MFA with PingFederate and PingOne
The PingOne MFA Integration Kit allows PingFederate to use the PingOne MFA service for multi-factor authentication (MFA). This allows you to integrate MFA into SAML, WS-Fed, OAuth, and OIDC flows in a seamless way leveraging one configuration for all use cases. For more information, see PingOne MFA Integration Kit.
Integrating MFA with SSO using PingID and PingFederate
You can configure PingID with PingFederate to establish a connection between the two products for the purpose of integrating MFA with single-signon (SSO) capabilities. This allows you to integrate MFA into SAML, WS-Fed, OAuth, and OIDC flows in a seamless way leveraging one configuration for all use cases. For more information, see Integrating MFA with SSO (PingID with PingFederate).
Setting up MFA for PingOne
PingOne MFA is a cloud-based service that enables customers to protect their organization’s network, applications, and data resources. You can use the MFA service to integrate MFA into your applications that leverage PingOne SSO. For instructions on configuring PingOne MFA, see Getting started with PingOne MFA.
Configuring MFA for the PingFederate administrative console using PingID
PingID is a cloud service that enables multi-factor authentication using a mobile application. The PingFederate administrative console supports authentication through the RADIUS protocol, which provides a common approach for implementing strong authentication in a client-server configuration.
By combining these two capabilities, you can configure PingID to provide MFA to protect access to the PingFederate administrative console, which meets the requirement of stronger authentication for administrators accessing security-related software products.
For instructions on configuring MFA for the PingFederate administrative console, see Multi-factor console authentication using PingID.