Use Cases

Setting up passwordless authentication in PingOne

Learn how to set up passwordless authentication and eliminate the need for your users to enter a password. Passwordless authentication is a quick and easy configuration where end users sign on with a paired multi-factor authentication (MFA) device.

In this configuration, a user without a paired MFA device can still authenticate with their credentials.

Creating a passwordless authentication policy in PingOne

Before you begin

Configure the application in PingOne that will use passwordless authentication.

Steps

  1. Go to Experiences → Authentication Policies.

  2. Click Add Policy.

  3. In the Policy Name field, enter a name for your policy.

  4. In the Step Type list, select Multi-factor Authentication.

  5. In the Available Methods section, select the allowed MFA methods for end users.

    The following image shows all of the available MFA methods.

    A screen capture of the admin console showing all of the MFA check boxes. Every check box in the Available Methods section is selected.

    To enable Mobile Applications, go to Connections → Applications and configure a native application.

  6. In the None Or Incompatible Methods section, select Bypass.

    If Block is selected, users without a paired MFA device can’t sign on.

  7. In the Required When section, select when re-authentication will be required, such as when a user is accessing the application from an out-of-range IP address.

  8. Click Save.

Creating an authentication policy for users without a paired MFA device

Steps

  1. On the Authentication Policies page, click Add Policy.

  2. In the Policy Name field, enter a name for your policy.

  3. From the Step Type list, select Login.

  4. Optional: Select any additional options.

  5. Click Save.

Adding the authentication policies to an application

Steps

  1. Go to Connections → Applications and expand the application that you want to add passwordless authentication to.

  2. Click the Pencil icon to edit the application.

  3. On the Policies tab, in the All Policies list, click the Plus icon for your backup policy, and then click the Plus icon for your passwordless policy to add them to the Applied Policies list.

    Because the most recently added policy becomes the primary policy, verify that the passwordless policy is listed first in the Applied Policies list.

    A screen capture of the console showing the Policies tab when editing an application.

  4. Click Save.

Testing the configuration

To test the configuration:

  • Initiate an authorization request if your application uses OpenID Connect (OIDC).

  • Initiate a single sign-on (SSO) request if your application uses SAML.

PingOne prompts for a username.

  • If the user has a paired device, PingOne prompts them to complete MFA depending on the allowed methods. After they authenticate, they’re redirected to the target application.

  • If the user doesn’t have a paired device, PingOne prompts them to sign on with a username and password and then prompts them to pair an MFA device.