Managing registered devices
PingOne Advanced Identity Cloud PingAM Android iOS JavaScript
PingOne Advanced Identity Cloud and PingAM support registration of many different authenticator device types to support your multi-factor authentication journeys:
- WebAuthn/FIDO authenticators
-
The registered device acts as an authenticator and uses public-key cryptography to securely sign an assertion from the server.
Register WebAuthn devices using the WebAuthn Registration node.
To learn more about implementation, refer to Integrating with FIDO (WebAuthn) auth journeys.
- Device binding
-
The registered device generates a key pair and a key ID. The Orchestration SDKs send the public key and key ID to PingOne Advanced Identity Cloud or PingAM for storage in the user’s profile.
Bind devices using the Device Binding node.
To learn more about implementation, refer to Introducing Device Binding.
- Device profiling
-
The Orchestration SDKs collect specific data about the registered device to create a profile that helps to identify it during authentication journeys.
Profile devices using the Device Profile Collector node.
To learn more about implementation, refer to Introducing Device Profiling.
- OATH MFA devices
-
The registered device generates a one-time passcode that your users enter into the authentication journey.
Register OATH devices using the OATH Registration node.
- PUSH MFA devices
-
The registered device receives a PUSH notification from the server that the user must approve to continue their authentication journey.
Register PUSH devices using the Push Registration node.
You can use the Orchestration SDKs to enable users to manage the devices and authenticators registered to their accounts. For example, they can list, rename, and delete their devices.