download pdf

PingID® is a multi-factor authentication (MFA) solution that balances secure access to applications with ease of use for the end user. It helps customers define and enforce authentication policies that are tailored to the needs of the enterprise. PingID adds strong authentication to PingOne®, PingFederate®, Secure Shell (SSH), Windows RDP or any RADIUS compliant VPN server.




When an administrator enables PingID, the user is prompted to walk through a selfregistration process to register their device. First, they install an application on their Apple or Android phone or tablet. Next, they scan a QR code or enter a pairing code to pair their device with PingID. Once registered, the device is ready for use. If the user does not have an Apple or Android device, they can elect to authenticate using one-time passwords (OTPs) that are sent via SMS, voice call, or email. Alternatively, they can utilize a Yubikey hard token or the Windows or Mac desktop applications. Alternately, the user can choose to register and authenticate with a YubiKey hard token.





When policy dictates the need for strong authentication, the PingID service will send a notification to the user’s smartphone. On iOS and Android devices, this is sent via the Apple or Android notification service, eliminating the expense of sending an SMS or voice call. The notification will require the user to swipe their device to sign on and the user will be authenticated. In the event that a user is unable to get a signal to their mobile phone, an offline mode is available where the mobile app generates an OTP. Alternately, the OTP can be delivered via SMS, voice, email or desktop application. Finally, a YubiKey hard token can also be used in sensitive environments or for users without device or phone access.




For ultimate convenience, PingID can be configured to use the fingerprint reader on the registered device. After the notification is sent to the phone, the user will simply touch the fingerprint reader for authentication. This is an optional feature that works with Apple’s Touch ID and select Android devices.



multi-factor authentication diagram

Advanced Policy Support


Administrators can define advanced authentication, pairing and device posture policies, including:


  • Limit MFA to specific groups, IP addresses or applications
  • Geo-fencing allows users to avoid prompt for MFA if device is inside a “secure” area
  • Root detection allows users to avoid prompt for MFA if their device is rooted/jailbroken
  • MFA session allows users to avoicd prompt for MFA if user was authenticated within last X minutes

Related Resources