Configure PingID with the most common settings.
To get your PingID instance up and running quickly:
- In your PingOne environment, click the Overview tab.
- From the Services section, click the PingID icon.
If you're using a trial mode of PingID, you see a notice at the top of the PingID Settings page indicating that your features are limited.
To upgrade your license, contact firstname.lastname@example.org.
- In the Admin Message field, enter contact information to aid users experiencing trouble.
For example: For support with PingID, contact email@example.com.
- To give your users time to get acquainted with the addition of multi-factor authentication (MFA), in the Mandatory Enrollment Date section, enter a date 30 days from the current date.
- To allow users to self-enroll an MFA device the first time they're prompted for MFA, in the Self-enrollment During Authentication section, click Enable.
- To allow your users to enroll multiple devices, in the Maximum Allowed Devices field, enter a number greater than 1.
- To prevent your users from having to select an MFA device every time they authenticate, in the Device Selection section, click Default to Primary.
- To allow users to disconnect their mobile device without administrator approval, in the Device Management section, select the Allow users to unpair and change devices using the mobile app check box.
- To allow users to manage their devices in the PingID console, in the Device Management section, select the Allow users to manage their devices on the web and Enable device management for users with no paired devices check boxes.
- To avoid sending an email to a user every time a new MFA device is added, in the Email Notification for New Devices section, click Disable.
- To maintain the 40-second MFA challenge timeout default, in the New Request Duration section, click Default.
- To allow users to use a one-time passcode (OTP) on their mobile app if a push notification doesn't reach their device, in the One-time Passcode Fallback section, click Enable.
- To require a mobile device to attempt a push notification before the user can use an OTP, in the Direct Passcode Usage section, click Disable.
- To allow the use of a device's native biometrics for an MFA challenge, in the Device Biometrics section, click Enable.
- To enable both iOS and Android devices, in the Enable On section, select the iOS and Android check boxes.
- To prevent accidental automatic MFA approvals when Face ID is enabled, in the Face ID Consent section, click Enable.
- To require users to unlock their device before approving an MFA challenge, in the Authentication While Device is Locked section, click Disable.
- To enable the most common MFA types, in the Alternate Authentication Methods section, select the Enable and Pairing check boxes for SMS, Voice, and Email.
- To allow users to provide their own phone numbers and email addresses when enrolling a device, clear the Pre-populate and Restrict check boxes for SMS, Voice, and Email.
- To maintain English as the supported language, in the Local Language for Voice Calls section, click Disable.
- To prevent abuse of SMS or Voice services, set the Daily Used SMS/Voice Limit field to 15 and the Daily Unused SMS/Voice Limit field to 10.
- To use the default PingID SMS and voice provider, in the Twilio Account section, click Ping Identity.
- To use English for all SMS messages, in the Local Language for SMS section, click Disable.
To enable the simple use of the Desktop OTP application:
- In the Desktop Security PIN section, click Disable.
- In the Use Proxy for Desktop section, click Disable.
To enable a simple configuration for security keys:
- In the Resident Key section, click Not Required.
- In the User Verification section, click Preferred.
- To allow enforcement of MFA policies that you define, in the Enforce Policy section, click Enable.
- To enforce policies specifically for the PingID Windows login agent, in the Enforce Policy for Windows Login section, click Enable.
- If you are using a trial version of PingID, to prevent your users from being locked out if your trial expires, in the Evaluation section, click Allow single sign-on without PingID.