PingID SDK adapter for PingFederate overview


PingID SDK is a mobile SDK for support of PingID multifactor authentication for customer use cases, on organizations’ own mobile applications. The basic implementation of PingID SDK requires the organization to set up a customer server.

The PingID SDK adapter for PingFederate is an out-of-the-box integration between PingID SDK and PingFederate user authentication flow and adapter chain, that permits the option to replace the customer server with PingFederate in several use cases, as follows:

The PingID SDK adapter for PingFederate supports all of the PingID SDK authentication methods: Mobile SDK, SMS, voice and email.

  • PingID SDK adapter for PingFederate contains the pingid.sdk.status attribute. When an authentication flow via the PingID SDK adapter for PingFederate is successful, pingid.sdk.status provides additional information which may be used for determining user permission levels.
  • PingID SDK adapter includes screens that are presented to the user as part of the authentication flow. These screens are customizable.

Supported flows

There are several use cases in which the PingID SDK adapter for PingFederate can replace a customer server, for the purpose of pairing and authenticating a user:

  • Automatic device registration (web view)

    • Automatic mobile device registration when a user initiates a pairing process for a mobile device.
  • Device authorization (web view)

    • A seamless user login to an already trusted mobile application which includes PingID mobile SDK.
  • Out of band / step up authentication from web

    • Multifactor authentication during user login to a web application.
  • QR code authentication

    • A user scanning a QR code with a trusted mobile device. The major objective of this approach is to permit secure passwordless authentication. The customer server does not need advance knowledge of who the user is (for example, first factor authentication is not required).
  • Out of band / step up authentication from mobile

    • Multifactor authentication during user login to a non trusted mobile device, using the user’s primary device for the approval process.
  • Transaction approval

    • Elevated security for a high value or high risk resource or service, within the particular context of an application, which requires authentication using a higher assurance credential than previously required for general access of the application.
  • CIBA authenticator

    • Out-of-band MFA using a trusted mobile device as a Client Initiated Backchannel Authentication (CIBA) authenticator.
  • PingFederate Authentication API

    • Enables integration with the PingFederate Authentication API for end-user interactions, for step-up authentication and transaction approval. Additionally, it supports mobile device initiated flows such as mobile device registration and seamless device authorization.

Refer to Flows of the PingID SDK adapter for PingFederate for detailed flow information.