Overview

The PingOne MFA Native SDK provides the ability to integrate PingOne MFA functionality into your native applications.

The PingOne MFA Native SDK API for Android is included in the SDK package. The functions, parameters and error codes are listed below.

The PingOne MFA Native SDK package is available for download at https://github.com/pingidentity/pingone-mobile-sdk-android. Further details for setup and integrating PingOne MFA Native SDK into your native apps are available in the README file in the Android folder of the downloadable package.

The PingOne SDK for Android supports the following software versions:

See Edit an application in the admin guide for the server-side configuration steps.

PingOne MFA Native SDK sample app

The PingOne MFA Native SDK bundle provides a sample app that includes all the basic flows in order to help you get started.

The sample app package for Android is available for download at https://github.com/pingidentity/pingone-mobile-sdk-android. Further details are available in the README file in the Android folder of the downloadable package.

Authenticator sample app

The Authenticator sample app is a native app that has the sole function of performing strong authentication. It provides a simple example for developers and solution architects, to enable easy and rapid deployment of an authenticator app with minimal effort.

For scenarios that require only a native authenticator rather than a full native app, the Authenticator sample app offers a passwordless and secure solution that only requires compiling the sample with the customer’s branding and credentials and uploading it to the app store.

The Authenticator sample app package for Android is available for download at https://github.com/pingidentity/pingone-authenticator-sample-app-android/. Further details are available in the README file.

Mobile device integrity check

PingOne has an integrated mobile device integrity check in its MFA flows, which allows mobile applications to deny access when a mobile device is suspected to be compromised.

Mobile device integrity check - admin UI configuration

Each application must be set up and configured in the organization’s PingOne environment, either in the admin UI, or using the MFA devices API. The development team provides the admin with the application name and details.

The admin’s configuration of device integrity detection is detailed in the PingOne admin guide. See Editing an application - Native.

Mobile device integrity check - Android implementation

PingOne uses Google’s Play Integrity API to check the integrity of the mobile device. For details on the capabilities of the Play Integrity API, see the Play Integrity API documentation.

Mobile app developers are responsible for enabling and monitoring usage of the Play Integrity API.

The following steps are required:

  1. Create a Google Cloud project or use an existing one
    For details on working with Google Cloud projects, see Creating and managing projects. The PingOne mobile SDK component requires the number of your Google Cloud project.

  2. Enable the Google Play Integrity API
    Go to APIs and Services and select Enable APIs and Services. Search for the Play Integrity API, select it, and then select Enable.

  3. Link your application to the Google Cloud project
    Applications distributed on Google Play must be linked to the Google Cloud project so that they can call the Play Integrity API. In the developer console of the Google Play Store, choose your application. Go to Setup > App integrity > Google Cloud Project, and link your application to the Google Cloud project where you’ve enabled the Play Integrity API.

  4. Configure how your responses are encrypted and decrypted (optional)
    For applications distributed on Google Play, you can choose between Google-managed response encryption (the default and recommended option) and self-managed response encryption. For both of these options, you’ll need to provide the relevant keys in the PingOne console when you define the application. See Configure how your responses are encrypted and decrypted for more information on managing and downloading response encryption keys.

  5. Monitor Play Integrity API usage
    If you reach your quota for Play Integrity API usage, users could end up getting blocked, so it’s important to monitor Play Integrity usage. For more information on usage tiers and requesting a higher quota, see API usage tiers.

  6. Request a higher quota if needed
    The form for requesting a move to a higher usage tier includes questions that are application-dependent. For the question “How are you calling the Play Integrity API?”, select the “A third party I’m using in the app is calling the API” option, and specify PingOne Mobile SDK Android.

  7. Estimate the number of queries per day to request a specific tier
    The quota request should take into account both your application’s expected traffic and the mobile SDK component’s caching and retry policy. After a successful response from the Play Integrity API that passed the integrity test, no additional Play Integrity requests are made until the integrity check cache duration that you defined for the application has elapsed.
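
The caching behavior described in step 7 can be turned into a rough per-day estimate by replaying expected MFA traffic against the cache duration. The following is an added example, not part of the PingOne SDK or its documentation. The event format, the function names, the sample data, and the rule that a failed or non-passing response triggers a new request on the next operation are assumptions, and SDK retries are not modelled.

```python
from collections import defaultdict

SECONDS_PER_DAY = 86400

# Constructed sample traffic: (epoch_seconds, device_id, passed).
# `passed` = a request made at that moment succeeds and passes the integrity test.
SAMPLE_EVENTS = [
    (0, "device-a", True),
    (600, "device-a", True),      # inside the cache window of the request at t=0
    (4000, "device-a", True),     # cache expired at t=3600, new request
    (90000, "device-a", True),    # next day
    (100, "device-b", False),     # not a pass, nothing is cached
    (200, "device-b", True),
    (300, "device-b", True),      # inside the cache window of the request at t=200
]


def estimate_daily_queries(events, cache_seconds):
    """Return {day_index: request_count} for a stream of MFA operations."""
    cached_until = {}              # device_id -> time the cached pass expires
    per_day = defaultdict(int)
    for ts, device, passed in sorted(events):
        if ts < cached_until.get(device, float("-inf")):
            continue               # cached passing verdict still valid: no request
        per_day[ts // SECONDS_PER_DAY] += 1
        if passed:
            cached_until[device] = ts + cache_seconds
        # Assumption: a non-passing response is not cached, so the next
        # operation on this device triggers another request.
    return dict(per_day)


def peak_daily_queries(events, cache_seconds, headroom_percent=20):
    """Busiest day's request count plus integer headroom, rounded up."""
    per_day = estimate_daily_queries(events, cache_seconds)
    peak = max(per_day.values(), default=0)
    return (peak * (100 + headroom_percent) + 99) // 100


if __name__ == "__main__":
    for cache in (0, 3600):
        print(cache, estimate_daily_queries(SAMPLE_EVENTS, cache),
              peak_daily_queries(SAMPLE_EVENTS, cache))
```

Replaying the same traffic with different cache durations shows how much of the quota the integrity check cache duration setting saves before you pick a tier to request.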

PingOne MFA Native SDK API - Android

See the API documentation.