Flows of the PingID SDK adapter for PingFederate


The PingID SDK adapter for PingFederate lets you replace the customer server with PingFederate in several use cases, for the purpose of pairing and authenticating a user. Admins and developers should consider the supported flows when implementing the PingID SDK adapter for PingFederate.

Supported use cases and flows

The PingID SDK adapter for PingFederate supports the following use cases:

  • Automatic device registration (web view)

    • Automatic mobile device registration when a user initiates a pairing process for a mobile device.
      • This flow only supports the mobile web view. The user is authenticated as part of the PingFederate authentication flow. Once the user is successfully authenticated, the adapter returns control to the mobile app and trust with the PingID SDK server is initiated.
      • The flow supports registration of mobile devices.
  • Device authorization (web view)

    • A seamless user login to an already trusted mobile application that includes the PingID mobile SDK.
      • This flow only supports login to the mobile app via mobile web view, and then returns control to the mobile app.
      • This flow takes the user through the PingID SDK adapter authentication. On successful seamless device authentication, the user is logged in to the app.
  • Out of band / step up authentication from web
    • Multifactor authentication during user login to a web application.
      • Signing in on a web browser initiates PingFederate first factor authentication. Since it is web-based, no payload is sent to the PingID SDK server.
      • All of the PingID SDK authentication methods are supported: Mobile SDK, SMS, and email.
      • After successful first factor authentication, the adapter directs the PingID SDK server to send a push notification, SMS or email to the authenticating device.
      • As an application design consideration, you may want to permit SMS and email device registration, although not via PingFederate.
  • Out of band / step up authentication from mobile
    • Multifactor authentication during user login to a non-trusted mobile device, using the user’s primary device for the approval process.
      • This flow supports pairing of new mobile devices only. Mobile, SMS and email devices may be used for approving the new device pairing.
      • The PingID SDK server sends a push notification (if the primary device is a mobile device) or an OTP (if it is an SMS or email device) to the primary device for authentication. The PingID SDK adapter returns a success or failure status.
      • This flow is relevant only when ADDITIONAL TRUSTED DEVICES is configured to Verify New Devices with Primary Device. In cases where ADDITIONAL TRUSTED DEVICES is configured to Pair Each Device Individually, the Automatic device registration flow is performed every time a user tries to pair an additional device.