---
title: Authentication
description: This page explains the use cases and deployment methods for PingOne Recognize authentication.
component: recognize
page_id: recognize:introduction:authentication
canonical_url: https://docs.pingidentity.com/recognize/introduction/authentication.html
llms_txt: https://docs.pingidentity.com/recognize/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: April 15, 2026
section_ids:
  login: Sign-on
  mobile-sdk: Mobile SDK
  web-sdk: Web SDK
  step-up: Step-up
  payments: Payment authentication (PSD2/3 compliant)
  no-camera-preview-beta: No camera preview [BETA]
---

# Authentication

After users are enrolled, you can use PingOne Recognize to authenticate them at three different steps of a user journey:

* [Sign-on](#login)

* [Step-up](#step-up)

* [Payments](#payments)

## Sign-on

Use the PingOne Recognize login flow to verify the enrolled user and device before granting access.

### Mobile SDK

PingOne Recognize offers Android and iOS SDKs to enable logins from your app's login or account creation page. Flutter and React Native (BETA) bridges are also supported.

The captured image is securely encrypted and sent to the PingOne Recognize server to verify a match to the originally enrolled user. No biometric data is stored.

The Mobile SDK can also generate a JSON Web Token (JWT) with a custom payload, allowing customers to manage and audit login sessions.

Learn more:

* [Mobile SDK](../mobile-sdk/mobile-sdk-authentication.html)

* [JWT Signing](../mobile-sdk/mobile-sdk-jwt-signing.html)

### Web SDK

Customers can integrate the login flow into their own web-based services.

Learn more in [Web SDK](../web-sdk/web-sdk-getting-started.html).

## Step-up

PingOne Recognize provides in-app step-up authentication for high-risk actions like address or credential changes, offering stronger security than passwords or SMS one-time passwords (OTPs).

The authentication flow is identical to the [Sign-on](#login) process, whether you use the Mobile SDK or the Web SDK. The JWT signing feature can help customers verify changes made in a custom payload.

## Payment authentication (PSD2/3 compliant)

PingOne Recognize offers dynamic linking for businesses required to comply with PSD2 Strong Customer Authentication (SCA) regulations.

This is supported through a user interface launched using the Mobile SDK, displaying custom payload details, such as transfer amounts and recipients.

Upon successful authentication, the SDK issues a JSON Web Token (JWT) containing a signature of the provided payload.
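The following backend check is an added example, not code from PingOne Recognize or its SDKs. It shows why dynamic linking only helps if the server compares the signed payload with the transaction it holds, and the same check applies to the step-up custom payload. The page does not state the signing algorithm or claim names, so HS256 with a shared key stands in for the real signature scheme, and the field names, key and sample transaction are constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed sample values; the key, field names and HS256 are assumptions for
# this sketch, not PingOne Recognize's documented token format.
KEY = b"constructed-demo-key"
PENDING = {"txn_id": "tx-1001", "amount": "125.00", "currency": "EUR",
           "recipient": "IBAN-PLACEHOLDER-0001"}
LINKED_FIELDS = ("txn_id", "amount", "currency", "recipient")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(payload: dict, key: bytes) -> str:
    """Build a constructed HS256 token standing in for the SDK's output."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    return f"{head}.{body}." + b64url_encode(_mac(f"{head}.{body}", key))

def verify_linked_payment(token: str, key: bytes, pending: dict) -> bool:
    """True only if the signature verifies AND the signed details equal the
    transaction the backend holds and is about to execute."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm server-side; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return False
        if not hmac.compare_digest(_mac(f"{head}.{body}", key), b64url_decode(sig)):
            return False
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError):
        return False
    if not isinstance(claims, dict):
        return False
    # Dynamic linking check: compare against server-side state, not client input.
    return all(f in claims and f in pending and claims[f] == pending[f]
               for f in LINKED_FIELDS)

if __name__ == "__main__":
    token = make_token(PENDING, KEY)
    print(verify_linked_payment(token, KEY, PENDING))                           # True
    print(verify_linked_payment(token, KEY, {**PENDING, "amount": "9125.00"}))  # False
```

A valid signature alone is not sufficient: the second call fails because the signed amount differs from the amount the server is about to send.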

Per regulatory requirements, PingOne Recognize allows customers to set (enroll) a PIN (personal identification number) as a knowledge factor to authenticate transactions as an alternative to face authentication. This PIN can also be authenticated, changed, or deleted using the API.

Learn more:

* [Dynamic Linking](../mobile-sdk/mobile-sdk-dynamic-linking.html)

* [JWT signing](../mobile-sdk/mobile-sdk-jwt-signing.html)

* [PIN](../mobile-sdk/mobile-sdk-pin-authentication.html)

## No camera preview \[BETA]

PingOne Recognize now offers a "No Camera Preview" variant where a small icon appears as an overlay instead of opening the front-facing camera on the user's device.

This option can be configured using the SDK for any use case, authentication, or user.

Learn more in [Camera Preview Customization (BETA)](../mobile-sdk/mobile-sdk-authentication.html).
