A Multi-Factor Authentication (MFA) policy is a process that uses two or more factors to verify identity.
Guidelines for creating MFA Policy for PingOne:
The Environment ID, Client ID, and Authentication Path from your organization's PingOne account are
required for configuring the PingOne MFA policy in . Currently, supports three
authentication methods: SMS, Email, and the Authenticator app from PingOne.
MFA Provider: Select PingOne from the drop-down. By default, PingOne is selected.
: Enter the policy name, a unique name to identify the policy.
: Enter the details about the policy. This is an optional field.
Environment ID: Enter the Environment ID from your organization's PingOne account.
Client ID: Enter the Client ID from your organization's PingOne account.
Authentication Path: Enter the Authentication Path from your organization's PingOne account.
: Select Login ID or Custom. This option is
selected depending on the and PingOne username
mapping.
Login ID: Select this option if your PingOne username and login ID are identical. By default, this
option is selected.
Custom: Select this option if your PingOne username and login ID are different.
: Users need to enter valid inputs in each field. If invalid inputs are
entered, the error message "Invalid Multi-Factor Authentication Input" is shown.
How can the user fetch the details of the mandatory fields from the PingOne account?
Users need to fetch the Environment ID, Client ID, and Authentication Path from the organization's
PingOne account. For PingOne application configuration, under Resources, ACCESS GRANTS BY
SCOPES, the resource type should be OpenID and the scope should be
profile. The response type "Code" must be selected, along with other fields if
necessary.
Environment ID: Unique identifier for the PingOne authentication.
Log in to the PingOne account
Go to the home page and select administrator
Go to the environment section and copy the Environment ID
Enter the Environment ID in the Multi-Factor Authentication policy window
Client ID:
Go to the connections section
PingOne by default offers three applications
You can configure and publish a new application
The Client ID is obtained from the created application
Enter the Client ID in the Multi-Factor Authentication policy window
Authentication Path:
Go to the connections section
Open the created application; a window opens
Select Configuration from the toolbar and copy the authorization URL
(https://auth.pingone.asia), which is the authentication path
Enter the Authentication Path in the Multi-Factor Authentication policy window
: The authorization URL changes based on the geographic region of your
organization. Here are some other examples of authorization URLs:
* https://auth.pingone.ca (Canada)
* https://auth.pingone.eu (Europe)
* https://auth.pingone.asia (Asia Pacific)
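
The following is an added example, not code from the product or from PingOne: a pre-flight check of the three policy values, plus the authorization-code request they describe (response type Code, scopes openid and profile). It assumes both IDs are UUIDs, that the Authentication Path is the bare regional URL as in the examples above, and that the authorize endpoint sits at `/<Environment ID>/as/authorize`; the function names, redirect URI and state value are hypothetical.

```python
import uuid
from urllib.parse import urlencode, urlsplit

# Regional hosts listed on this page; extend the set if your tenant lives elsewhere.
KNOWN_AUTH_HOSTS = {"auth.pingone.ca", "auth.pingone.eu", "auth.pingone.asia"}

def _is_uuid(value):
    """Accept only the canonical hyphenated form (assumption: both IDs are UUIDs)."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def check_inputs(env_id, client_id, auth_path):
    """Return a list of problems with the three PingOne policy values."""
    problems = []
    if not _is_uuid(env_id):
        problems.append("Environment ID is not a UUID")
    if not _is_uuid(client_id):
        problems.append("Client ID is not a UUID")
    url = urlsplit(auth_path.strip())
    if url.scheme != "https":
        problems.append("Authentication Path must use https")
    if url.hostname not in KNOWN_AUTH_HOSTS:
        # Catches typos and look-alike hosts such as auth.pingone.asia.example.net
        problems.append(f"unexpected host {url.hostname!r}")
    if url.path.strip("/") or url.query or url.fragment or url.username:
        problems.append("Authentication Path should be the bare regional URL")
    return problems

def authorize_url(env_id, client_id, auth_path, redirect_uri, state):
    """Build the authorization-code request matching the app settings above."""
    problems = check_inputs(env_id, client_id, auth_path)
    if problems:
        raise ValueError("; ".join(problems))
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "scope": "openid profile", "redirect_uri": redirect_uri,
                       "state": state})
    return f"{auth_path.strip().rstrip('/')}/{env_id}/as/authorize?{query}"
```
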
Guidelines for creating MFA Policy for PingID:
The IDP URL, Org Alias, Base64Key and Token from your organization's PingID account are required for
configuring the PingID MFA policy in . Currently, supports various authentication
methods: SMS, Email, Desktop PingID application, PingID push notification in mobile, and the
Authenticator app from PingID.
MFA Provider: Select PingID from the drop-down.
: Enter the policy name. This should be a unique name to identify
the policy within an organization.
: Enter the policy details. This is an optional field.
IDP URL: Enter the IDP URL from the PingID enterprise account.
Org Alias: Enter the Org Alias information from your PingID enterprise
account.
Base64Key: Enter the Base64Key from your PingID enterprise account.
Token: Enter the token information from your PingID enterprise account.
: Select Login ID or Custom. This option is
selected depending on the and PingID username
mapping.
Login ID: Select this option if your PingID username and login ID are identical. By default, this
option is selected.
Custom: Select this option if your PingID username and login ID are different.
: Users need to enter valid inputs in each field. If invalid inputs are
entered, the error message "Invalid Multi-Factor Authentication Input" is shown.
How can the user fetch the details of the mandatory fields from the PingID account?
Log in to the PingID account
Go to Setup
Select PingID
Under Ping ID settings, select Client Integration
Click on the Download button to download the properties file
Open the properties file; it contains all the necessary information (IDP URL, Org
Alias, Base64Key and Token) from the PingID enterprise account
: For PingID MFA policy creation, the PingID properties file can also be imported
using the “Import Properties File” option to fetch all the required policy
details.
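
The downloaded properties file carries the Base64Key and Token, so it should be handled as a secret. The following is an added example, not code from the product or from PingID: it parses such a file, checks the four required values before they are typed or imported, produces a redacted copy for logs and tickets, and tests whether the file is readable by other accounts. The key names (`idp_url`, `org_alias`, `use_base64_key`, `token`) are an assumption about the file's layout, and the sample content is constructed.

```python
import base64
import os
import stat
from urllib.parse import urlsplit

# Assumed key names in the downloaded file, mapped to this page's field names.
REQUIRED = {"idp_url": "IDP URL", "org_alias": "Org Alias",
            "use_base64_key": "Base64Key", "token": "Token"}
SECRET_KEYS = {"use_base64_key", "token"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_properties(props):
    """Return the problems that would make the policy input invalid."""
    problems = [f"missing {label}" for key, label in REQUIRED.items()
                if not props.get(key)]
    url = urlsplit(props.get("idp_url", ""))
    if props.get("idp_url") and (url.scheme != "https" or not url.hostname):
        problems.append("IDP URL is not an https URL")
    try:
        base64.b64decode(props.get("use_base64_key", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("Base64Key is not valid base64")
    return problems

def redact(props):
    """Copy that is safe for logs and tickets: secrets reduced to a length."""
    return {k: (f"<redacted:{len(v)} chars>" if k in SECRET_KEYS else v)
            for k, v in props.items()}

def file_is_private(path):
    """True if group and others have no access to the file (POSIX modes)."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0

# Constructed sample; none of these values are real credentials.
SAMPLE = """\
use_base64_key=Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==
token=0123456789abcdef
idp_url=https://idp.example.com/pingid
org_alias=11111111-2222-3333-4444-555555555555
"""
```
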
Guidelines for creating MFA Policy for Okta:
Authentication Path, Client ID and Private Key from your organization's Okta account are required
for configuring the Okta MFA policy in . Currently, supports various authentication
methods: SMS, Email, TOTP, Okta push notification in mobile, and the Authenticator app from Okta.
MFA Provider: Select Okta from the drop-down.
: Enter the policy name. This should be a unique name to identify
the policy within an organization.
: Enter the description details about the policy.
Authentication Path: Enter the Authentication Path from the organization’s Okta account.
Client ID: Enter the client ID from the organization’s Okta account.
Private Key: Enter the Private Key from the organization’s Okta account.
: Enter the token information from your PingID enterprise account.
: Select Login ID or Custom. This option is
selected depending on the and Okta username
mapping.
Login ID: Select this option if your Okta username and login ID are identical. By default, this
option is selected.
Custom: Select this option if your Okta username and login ID are different.
: Users need to enter valid inputs in each field. If invalid inputs are
entered, the error message "Invalid Multi-Factor Authentication Input" is shown.
How can the user fetch the details of the mandatory fields from the Okta account?
Log in to the Okta account
Go to Applications
Click on Create App Integrations
Select API services, click on Next
Enter an App integration name of your choice and click on Save
Click on the application created and copy the Client ID
Click on add key and add a public key of the organization and use the private key to create MFA policy in
Click on Save
Under Okta API scope option in the application, grant access for the policy creation
Select “Okta.user.manage” and click on Grant
Assign the required users to this application
Copy the authentication path from the User section info on the top right
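
In the key step above, only the public half of the key pair is added to the Okta application, while the private key goes into the MFA policy. The following is an added example, not code from the product or from Okta: it derives the public-only JWK from a private one, labels it with its RFC 7638 thumbprint, and checks that nothing private is left in what gets uploaded. It assumes the key pair is held as an RSA or EC JWK; the function names are hypothetical and the sample key is a constructed placeholder.

```python
import base64
import hashlib
import json

# Members that RFC 7638 hashes, per key type; everything else is metadata or private.
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
# Private-key members defined by RFC 7518 for RSA and EC keys.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}

def thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint: hash of the required public members only."""
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def public_jwk(private_jwk):
    """Return the public-only JWK to register, with the thumbprint as kid."""
    if private_jwk.get("kty") not in THUMBPRINT_MEMBERS:
        raise ValueError("unsupported key type")
    pub = {k: v for k, v in private_jwk.items() if k not in PRIVATE_MEMBERS}
    pub.setdefault("use", "sig")
    pub["kid"] = thumbprint(private_jwk)
    return pub

def leaks_private_material(jwk):
    """True if a JWK about to be uploaded still carries private members."""
    return bool(PRIVATE_MEMBERS & jwk.keys())

# Constructed placeholder values, not a usable key.
SAMPLE_PRIVATE_JWK = {"kty": "RSA", "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB",
                      "d": "c2FtcGxlLXByaXZhdGUtZXhwb25lbnQ", "p": "cA", "q": "cQ"}
```

The thumbprint depends only on the public members, so the same value can be recomputed later from the key registered on the application to confirm it matches the private key held in the policy.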