Introduction to PingID SDK


General

PingID SDK enables you to provide your customers with advanced multifactor authentication (MFA) functionality that balances security and convenience. To send your consumers branded, customizable push notifications, you can embed the PingID mobile SDK into new or existing iOS or Android apps. As an alternative authentication factor, you can also use SMS, voice, and email notifications with customized content and a one-time passcode (OTP). The PingID SDK also provides the option to integrate QR code-based authentication as a passwordless authentication option in your mobile apps. These methods allow your organization to provide MFA without introducing unnecessary friction or forcing your consumers to download a separate MFA application.

This solution leverages Ping Identity’s expertise in MFA technology for strong customer authentication during transaction approvals, mobile app logins, web logins, and more. It also allows customers to manage their own trusted devices.

The ShopCo demo video below is an example of the mobile SDK implementation for a retailer, but the SDK can apply equally to other industries. This demo covers out of band (OOB) MFA, individual transaction approvals, access security for multiple mobile devices, customer self management of their mobile devices and more.


PingID SDK comprises the following components:

  • The PingID SDK component for iOS and Android applications.
  • The PingID SDK API.

Most organizations have a traditional first factor authentication flow, in which the native application authenticates via an authentication server using the user’s username and password. Implementation of PingID SDK requires minimal changes to this paradigm.

PingID SDK supports a user having several trusted devices, as well as a single device being used to authenticate several users. This concept is referred to as a network of trusted devices. Refer to Network of trusted devices.

PingID SDK’s multifactor authentication mechanism includes:

  • Device authorization: A seamless MFA check, executed in the background, that does not affect the user experience. It consists of a payload, a small packet of data that identifies the device, which is passed from the native application to the authentication server and then on to the PingID SDK server. This allows MFA to be performed as part of the regular authentication flow, with minimal impact in terms of code changes and performance, and no impact on user experience.

  • Out of band (OOB) MFA: An optional extra verification step that extends device authorization by incorporating a separate communications channel with the device. Out of band MFA provides a superior level of security, but may add several seconds to the duration of the authentication flow.

  • Transaction approval: Step-up authentication for high-value or high-risk transactions, as defined by the organization. In some applications, it may make sense not to use the second factor authentication capabilities during the login process, but to activate them during certain user actions, such as payments or when accessing sensitive user information. These actions are referred to as transaction approval authentications, as they elevate the user’s security context when required by the business logic.

For further details on MFA in PingID SDK, refer to Multifactor authentication (MFA) methods.

What the documentation contains

This document is primarily intended for mobile (iOS and Android) and server developers.

For administrator related documentation, please refer to Manage PingID SDK applications in the PingID administrator guide.

The documentation is structured so that you’ll be able to integrate the PingID SDK component into your applications easily and quickly.

We recommend that you follow these steps in the order provided, to get up and running:

  1. Refer to Glossary. Understand and familiarize yourself with PingID SDK’s terminology.
  2. Refer to Network of trusted devices. Understand the concept behind a user’s network of trusted devices.
  3. Refer to PingID multifactor authentication (MFA). Understand the authentication processes of PingID SDK.
  4. Refer to User device pairing. Understand the pairing processes of PingID SDK.
  5. Refer to Getting started to integrate apps with PingID SDK, with examples from the “Moderno” demo app:
    • The authentication server: Download and run our authentication server source code, as an example of how to integrate calls to the PingID SDK server into your own authentication flow.
    • The demo applications (iOS and Android): Download the source code and compile it in your development environment, to understand how to integrate it into the authentication code in your mobile applications.
  6. Refer to PingID SDK adapter for PingFederate for implementations where the customer server is replaced by using the PingID SDK adapter for PingFederate.