Setup one-time passcodes

PingOne supports several methods of multi-factor authentication (MFA), which is the practice of requiring more than one type of evidence to identify a user. For example, a username and password together are considered a single factor.

Adding more authentication factors, such as one-time passcodes, helps to strengthen your security posture and reduce the chance of a data breach.

Users must provide a minimum of two pieces of verifiable information to authenticate.

Figure 1. Using multiple factors to authenticate users

To learn more, refer to Single-factor, Two-factor, and Multi-factor Authentication in the Identity Fundamentals documentation.

The Ping SDKs help you to integrate authentication flows that use one-time passcodes into your client applications.

The Ping SDKs support the following one-time passcode delivery methods:

Email: When email authentication is configured, and the user signs on to their account or app, they are sent an email with a one-time passcode (OTP) to authenticate with.

Figure 2. Receiving an OTP via email

The OTP is valid for up to 30 minutes.
SMS: When configured, a one-time passcode (OTP) is sent to the user’s mobile device as a text message using SMS.

Figure 3. Receiving an OTP via SMS

The OTP is valid for up to 30 minutes.
Voice: When configured, a one-time passcode (OTP) is sent to the user’s mobile device or landline phone using telephony voice channels. The OTP is valid for up to 30 minutes.

Steps

Complete the following steps to integrate one-time passcode authentication into your client applications:

Before you begin

Before you begin this tutorial, ensure you have set up your PingOne instance with the required configuration.

For example, you will need an OAuth 2.0 client application setup.

Complete prerequisites

Configure client apps for one-time passcodes

Learn how to set up your Android, iOS, and JavaScript client apps to handle authentication flows that require one-time passcodes.

Start step 1