PingOne

Configuring an MFA form

You can use forms created in User Experience > Forms to allow users to register and authenticate with multi-factor authentication (MFA), by one-time passcode (OTP), FIDO2, or an authenticator app.

Creating an MFA form with OTP

To create an MFA form for registration or authentication with OTP:

Steps

  1. In the PingOne admin console, go to User Experience > Forms.

  2. Click the icon and select one of the following OTP templates:

    • Email OTP Prompt - Registration

    • Email OTP Prompt - Authentication

    • Text Message OTP Prompt - Registration

    • Text Message OTP Prompt - Authentication

    • Voice OTP Prompt - Registration

    • Voice OTP Prompt - Authentication

  3. (Optional) Customize the templated form in the form builder.

  4. Click Save.

Result

You can now use the form in your DaVinci flow with the PingOne Forms connector.

Creating an MFA form with FIDO2 registration

To configure FIDO2 in PingOne Forms for registration:

Steps

  1. Create a FIDO2 form:

    1. In the PingOne admin console, go to User Experience > Forms.

    2. Click the icon and select the FIDO2 - Registration template.

    3. (Optional) Customize the templated form in the form builder.

    4. Click Save.

  2. In DaVinci, configure the flow.

    A DaVinci FIDO2 MFA flow. This first PingOne Forms connector is set to Create Device, followed by a Forms connector using Show Form with FIDO2 Registration selected. The final PingOne Forms connector is set to Activate Device.

    1. Add a PingOne MFA connector node and select the Create Device capability.

      This connector is necessary for Public Key Credential Creation field in the following PingOne Forms connector.

    2. In a subsequent node, add a PingOne Forms connector and select the Show Form capability, then select the FIDO2 registration form you created in User Experience > Forms.

    3. In a subsequent node, add another PingOne MFA node and select the Activate Device capability.

Creating an MFA form with FIDO2 authentication

To configure FIDO2 in PingOne Forms for authentication:

Steps

  1. Create a FIDO2 form:

    1. In the PingOne admin console, go to User Experience > Forms.

    2. Click the icon and select the FIDO2 - Authentcation template.

  2. (Optional) Customize the templated form in the form builder.

  3. Click Save.

  4. Configure the DaVinci flow.

    A DaVinci FIDO2 MFA flow. The first PingOne Forms connector is set to Create Device Authentication, followed by a Forms connector using Show Form with FIDO2 Authentication selected. The final PingOne Forms connector is set to FIDO Assertion.

    1. In your PingOne DaVinci flow, add a PingOne MFA connector and select the Create Device Authentication capability.

      This connector is necessary for the Public Key Credential Request field in the following PingOne Forms connector.

    2. In a subsequent node, add a PingOne Forms connector and select the Show Form capability, then select the FIDO2 authentication form you created in User Experience > Forms.

    3. In a subsequent node, add another PingOne MFA node and select the FIDO Assertion capability.

Creating an MFA form with the authenticator app

To create a simple registration or authentication form with an authenticator app prompt:

Steps

  1. In the PingOne admin console, go to User Experience > Forms.

  2. Click the icon and select either the Authenticator App Prompt - Registration or Authenticator App Prompt - Authentication form.

  3. (Optional) Customize the templated form in the form builder.

  4. Click Save.

Result

You can now use the form in your DaVinci flow with the PingOne Forms connector.