---
title: Setting up passwordless authentication in PingOne
description: Learn how to set up passwordless authentication and eliminate the need for your users to enter a password. Passwordless authentication is a quick and easy configuration where end users sign on with a paired multi-factor authentication (MFA) device.
component: solution-guides
page_id: solution-guides:workforce_use_cases:htg_p1_passwordless_authn_setup
canonical_url: https://docs.pingidentity.com/solution-guides/workforce_use_cases/htg_p1_passwordless_authn_setup.html
revdate: April 14, 2025
page_aliases: ["workforce_use_cases:htg_p1_passwordless_authn_setup_policy_p1.adoc", "workforce_use_cases:htg_p1_passwordless_authn_setup_no_paired_device.adoc", "workforce_use_cases:htg_p1_passwordless_authn_setup_add_policies_app.adoc", "workforce_use_cases:htg_p1_passwordless_authn_setup_testing.adoc"]
section_ids:
  creating-a-passwordless-authentication-policy-in-pingone: Creating a passwordless authentication policy in PingOne
  before-you-begin: Before you begin
  steps: Steps
  creating-an-authentication-policy-for-users-without-a-paired-mfa-device: Creating an authentication policy for users without a paired MFA device
  steps-2: Steps
  adding-the-authentication-policies-to-an-application: Adding the authentication policies to an application
  steps-3: Steps
  testing-the-configuration: Testing the configuration
---

# Setting up passwordless authentication in PingOne

Learn how to set up passwordless authentication and eliminate the need for your users to enter a password. Passwordless authentication is a quick and easy configuration where end users sign on with a paired multi-factor authentication (MFA) device.

In this configuration, a user without a paired MFA device can still authenticate with their credentials.

## Creating a passwordless authentication policy in PingOne

### Before you begin

Configure the application in PingOne that will use passwordless authentication.

### Steps

1. Go to **Authentication > Authentication**.

2. Click **[icon: plus, set=fa]Add Policy**.

3. In the **Policy Name** field, enter a name for your policy.

4. In the **Step Type** list, select **Multi-factor Authentication**.

5. In the **Available Methods** section, select the allowed MFA methods for end users.

   The following image shows the available MFA methods.

   ![A screen capture of the admin console showing all of the MFA checkboxes. Every checkbox in the Available Methods section is selected.](_images/dzn1619047089030.png)

   |   |                                                                                                                                |
   | - | ------------------------------------------------------------------------------------------------------------------------------ |
   |   | To enable **Mobile Applications**, go to **Applications > p1-nav-connected-applications}** and configure a native application. |

6. In the **None Or Incompatible Methods** section, select **Bypass**.

   |   |                                                                            |
   | - | -------------------------------------------------------------------------- |
   |   | If **Block** is selected, users without a paired MFA device can't sign on. |

7. In the **Required When** section, select when re-authentication will be required, such as when a user is accessing the application from an out-of-range IP address.

8. Click **Save**.

## Creating an authentication policy for users without a paired MFA device

### Steps

1. On the **Authentication Policies** page, click **[icon: plus, set=fa]Add Policy**.

2. In the **Policy Name** field, enter a name for your policy.

3. From the **Step Type** list, select **Login**.

4. **Optional:** Select any additional options.

5. Click **Save**.

## Adding the authentication policies to an application

### Steps

1. Go to **Applications > Applications** and expand the application that you want to add passwordless authentication to.

2. On the **Policies** tab, in the **All Policies** list, click the **Plus** ([icon: plus, set=fa]) icon for your backup policy, and then click the **Plus** ([icon: plus, set=fa]) icon for your passwordless policy to add them to the **Applied Policies** list.

   |   |                                                                                                                                                             |
   | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | Because the most recently added policy is added as the primary policy, verify that the passwordless policy is listed first in the **Applied Polices** list. |

   ![A screen capture of the console showing the Policies tab when editing an application.](_images/egi1619052769676.png)

3. Click **Save**.

## Testing the configuration

To test the configuration:

* Initiate an authorization request if your application uses OpenID Connect (OIDC).

* Initiate a single sign-on (SSO) request if your application uses SAML.

PingOne prompts for a username.

* If the user has a paired device, PingOne prompts them to complete MFA depending on the allowed methods. After they authenticate, they're redirected to the target application.

* If the user doesn't have a paired device, PingOne prompts them to sign on with a username and password and then prompts them to pair an MFA device.