Authenticating using a one-time passcode (OTP)

Your organization or third party can ask you to authenticate in different ways. Some might ask you to approve a notification, or use biometrics (face or fingerprint), while others require you to enter a one-time passcode (OTP).

This section explains how to authenticate using an OTP when it’s required, or when available as an alternative to approving a notification.

For organization accounts, you might also be able use an OTP to authenticate if your device is offline.

Before you begin

Make sure PingID mobile app is paired with the account

To authenticate using an OTP, you must first pair PingID mobile app with the relevant account, site, or app.

Learn more about pairing your organization with PingID mobile app.
Learn more about pairing a third-party account, site, or app with PingID mobile app.

Offline authentication (organization accounts only)

Some organization accounts allow you to use an OTP to authenticate even when PingID mobile app is offline. You can only use an OTP to authenticate offline if you already authenticated successfully online at least once.

You can’t authenticate offline when using PingID mobile app as your authenticator to access third-party sites or apps.

About this task

The Authentication tab of the PingID mobile app lists all the accounts to which PingID is paired. The app generates Time-based One-Time Passwords (TOTPs) for each account, which means that the OTPs change at regular intervals.

Tap an account to view the current OTP for that account. PingID displays a countdown timer showing when the current OTP is due to expire. Each OTP is unique and is valid for a limited time period.

image showing a list of accounts paired with PingID and the OTP for the selected entry

What is an OTP?

A one-time passcode (OTP) is a unique string of numbers (usually 6-digits) generated by PingID mobile app. It adds an extra layer of security to your password.
The OTP is only valid for a short time period (usually 30 seconds), after which a new one is generated. PingID mobile app displays the current valid OTP, and shows a count down timer so you know how long it is still valid.
Always use the current OTP. If only a few seconds remain on the timer, it’s best to wait for the next OTP to appear.
Your options differ depending on how an account is configured:
- Accounts that support both notifications and OTPs: When you sign in, you’ll typically receive a notification to your mobile device first. You can approve it to sign in quickly, or you can choose to enter an OTP instead.
- Accounts that only support OTPs: You’ll be asked to enter a passcode directly.
If you only have one organization account paired with PingID, you won’t see a list of accounts. The OTP for that account appears directly in the Authentication tab.

An image showing the process of using the PingID generated one-time passcode received on a mobile device to sign on and authenticate for access to your account and applications on a desktop

Steps

Sign on to your account, or access the site or application that requires authentication.

Result:

You’ll see an Authenticating window.

For accounts that allow you to approve a notification, you’ll receive a notification to your mobile device and can approve the notification as a quick alternative to entering an OTP.
In the Authentication window, you’ll see a field that allows you to enter an OTP. For some organization accounts, you might need to select Use Code for the field to appear.

Result:

You are asked to enter an OTP.
On your mobile device, open the PingID mobile app and tap the relevant account to view the current OTP for that account.
In the Authentication window, enter the current OTP into the field to complete authentication.

Result

If you entered a valid OTP, you’ll be notified of any next steps to complete authentication and otherwise your access is approved.