If you have an existing PingOne account, you can use an authentication policy to enable PingID as a secondary authentication solution for PingOne SSO.
Configure and manage the PingID service using the PingOne admin portal. For more information, see Configure the PingID service.
How it works: PingOne secondary authentication with PingID
- A user with PingOne as their identity provider (IdP) signs on to a service provider’s (SP) resource. After PingOne successfully validates the user’s credentials, it sends a request to the PingID server to authenticate the user.
- PingID sends a request through the notification server to the PingID app installed on the user’s mobile device.
- The mobile notification server sends a notification to the PingID mobile app, and the user approves the sign-on request using the PingID mobile app.
- PingID initiates an out-of-band authentication (OOBA) of the user.
- The PingID server sends an authorization reply to the SP, which completes the sign-on process.