Use cases
The following are common uses for the PingOne Verify Integration Kit.
Account Recovery
For password reset and sign-on flows, a malicious user could try to reset the password of an account other than their own by using their own ID.
To prevent this:
-
Set up a comparison in the PingFederate policy to check if the identity verified matches the user’s record.
-
After the PingOne Verify Integration Kit succeeds, confirm that the first and last names of the verified ID match those in the directory for the username that was entered on the sign-on or forgot password page.
Authentication
When a user signs on, you can use PingOne Verify to verify a user’s identity instead of, or in combination with, a standard multi-factor authentication (MFA) step.
For example, you might use PingOne MFA by default and only trigger PingOne Verify based on:
-
Frequency: For example, annually.
-
Group: For members of the "contractors" group.
-
Account Age: For accounts made in the last two months.
-
Past Verification: For users that have never completed the verification process.
-
Security Risk: For users with a PingOne Protect risk evaluation of
MEDIUM
orHIGH
.
You can create these rules in your PingFederate authentication policy.