Considerations for voice pairing and authentication


Some organizations may have customers who do not have a smart mobile device, or prefer not to download mobile apps on their mobile devices. PingID SDK supports the alternative usage of one time passcodes (OTPs) via voice messages.

PingID SDK supports the following:

  • Pairing a user’s first device and additional devices using voice.
  • Authentication using voice OTP.
  • Device management for voice paired devices, including functionality for device unpair, bypass, rename and transition between the primary and secondary device roles.

Several factors should be considered:

  • In contrast to a mobile device, a voice device may be considered a virtual device, since the phone number, rather than a physical device, is paired with a user and application. For example, a phone number used for voice authentication may be ported from one mobile device to another, without affecting its paired PingID SDK status.
  • The voice authentication method must be enabled in the PingID SDK configuration, to allow both pairing and authentication via voice. By default, voice support is disabled in the PingID SDK configuration.
  • If the voice configuration is enabled and there are users with paired voice devices, those devices will be unpaired if the voice configuration is disabled. If the voice configuration is enabled again, it will not automatically pair those devices, and they will remain unpaired.

Usage limits for voice pairing and authentication

The daily counters are reset every night at midnight UTC.

PingID Account Types

Usage PingID Trial PingID Licensed

Enrollment/Pairing

100 per organization

Unlimited

Authentication

5 per user per day (used or unused)

  • Used: 15 (default).

    Configurable to a value between 1-50 per user per day per application.

  • Unused: 10 (default).

    Configurable to a value between 1-50 per user per day per application.

Used and unused voice limits

Term Description

Used

The number of voice authentication requests a user may receive and respond to each day.

Unused

The number of voice authentication requests a user may receive and not respond to each day.

Pairing a user’s device using voice

A voice device can be paired as a user’s primary device, or as an additional device. If the user has no primary device, the voice device is paired as the user’s primary device, otherwise, it is paired as a secondary device.

  • It is possible to name the device during the pairing process or from the self service page, depending on customer implementation.
  • If the device was not named, the PingID SDK server allocates the default name “Phone #”, where the first voice device is “Phone 1”, the second is “Phone 2” and so forth, according to the number of voice devices paired by the user.
  • The pairing message content is provided by the organization. It is possible to send a pairing message in any supported language.
  • Trial accounts are limited to 100 pairing voice messages per account. Fully licensed accounts have an unlimited amount of pairing voice messages.
  • The pairing process fails at any stage of the flow if:

    • The application is disabled.
    • The user is suspended.
    • The voice authentication method is disabled for the application.
    • The user has reached the maximum number of allowed devices.
    • The voice message is invalid.
    • The trial account has reached the limit of 100 pairing voice messages.

    Refer to Offline devices (voice) pairing API for more details.

  • In order to avoid cases of race conditions and confusion in cases of pairing processes which are pending, a new pairing process only invalidates unfinished pairing processes of the same authentication method for this user in this application. For example, initializing a new mobile pairing process invalidates pending mobile pairing processes for this user in this application, but not pending pairing processes for other device types such as SMS or email.

Manual OTP pairing

The manual OTP pairing process comprises 2 steps:

  1. The user receives a message (for example, a voice message) with a one time passcode (OTP).
  2. The user, in turn, has to use the OTP in order to finalize the pairing process. If the user enters an invalid OTP 3 times in succession, the pairing process fails.

Automatic OTP pairing

In automatic OTP pairing, the voice device is paired without user involvement, and is transparent to the user. In this case the user doesn’t have to use the OTP in order to finalize the pairing process.

Authentication using OTP

OTP authentication comprises 2 steps:

  1. The user receives a voice message with a one time passcode (OTP).
  2. The user, in turn, has to use the OTP in order to finalize the authentication process. If the user enters an invalid OTP 3 times in succession, the authentication process fails. If the authentication process is not finalized with a valid OTP within 30 minutes, the authentication process is automatically cancelled.
  • The voice message is invalid.
  • The user reached the daily used or unused voice messages limit.

Refer to Authenticate with voice for more details.

Voice device management

Device management includes functionality for device unpair, bypass, renaming and transition between the primary and secondary device roles. This functionality is implemented for voice devices in the same manner as for mobile application devices.