Adding a login authentication step
A single-factor authentication step requires only one piece of evidence to verify a user’s identity, such as a username and password.
Steps
-
Go to Authentication > Authentication.
-
Click Add Policy to create a new policy, or click the Pencil icon to edit an existing one.
-
Click Add Step.
-
In the Step Type list, select Login.
-
Enter or edit the recovery and registration settings.
Setting Description Enable account recovery
In case of a forgotten password, users can recover their accounts with a one-time passcode (OTP) sent over email.
Enable registration
Users can register their own accounts if a user record already exists. Select PingOne Directory to provision users to the PingOne user store.
Select External Link to provision users to an external user store. PingOne will direct users to the Registration Target URL for registration, but PingOne will still be used for authentication.
Require confirmation of user information
If registration is enabled, requires end users to confirm the data that is linked with the third-party identity provider (IdP). The end user will have an opportunity to edit the information that the third-party IdP shares with PingOne, such as username, email address, first name, and last name.
-
Enter or edit the requirement conditions. If this condition is met, the user will be required to sign on.
-
Last sign-on older than: Requires users to sign on again if their previous sign-on is older than the configured value.
-
-
Enter or edit an external IdP. Click Add Provider and then select an IdP from the list. If an IdP doesn’t appear on the list, the IdP might not be enabled. Learn more in Enabling or disabling an identity provider.
-
To prevent users from signing on if their PingOne user account is locked, select Block authentication of locked user accounts from Presented Identity Providers. If this option is cleared, users can sign on with their configured IdP credentials, but not their PingOne credentials.
-
Click Save.