Configure an MFA Sign-On Policy with an Authenticator App
This activity shows you how to define a native application, create an MFA sign-on policy that enables MFA using an authenticator application, and assign the sign-on policy to the application.
This scenario illustrates the following common operations supported by the PingOne APIs:
- Create an application
- Assign a resource grant to the application
- Create a sign-on policy
- Create a sign-on policy MFA action
- Assign a sign-on policy to an application
Prerequisites
Get an access token from the worker application that you created in Create an admin Worker app connection. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, refer to Get a PingOne admin access token.
Workflow order of operations
To create the application and specify its sign-on policy:
- Make a POST request to the /environments/{{envID}}/applications endpoint to define a native application.
- Make a GET request to /environments/{{envID}}/resources to get the list of available resource server IDs.
- Make a GET request to /environments/{{envID}}/resources/{{resourceID}}/scopes to get the OIDC scopes for the resource grant.
- Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to assign a resource grant to the application.
- Make a POST request to the /environments/{{envID}}/signOnPolicies endpoint to create a new sign-on policy.
- Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}} to create an MFA sign-on policy action for the new sign-on policy.
- Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to assign the MFA sign-on policy to the new application.
Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.
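The seven steps above chained in one script, showing how the appID, resourceID, scope IDs and policyID from earlier responses feed the later requests. This is an added example, not part of the PingOne documentation or its Postman collection. Assumptions: the API host, every request body field, the `_embedded` response layout, the resource name `openid`, and the helper names `http_send` and `configure_mfa_app`. Check them against the API reference before use.

```python
import json
import urllib.request

API = "https://api.pingone.com/v1"  # assumption: adjust to your region's API host

def http_send(token):
    """Build send(method, path, body) that authenticates with the admin access token."""
    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(API + path, data=data, method=method, headers={
            "Authorization": "Bearer " + token, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return send

def configure_mfa_app(send, env_id, app_name, policy_name,
                      scope_names=("profile",), mfa_settings=None):
    """Run the seven workflow steps in order; return the IDs they produce."""
    env = "/environments/" + env_id
    # Step 1: define the native application (body fields are assumptions).
    app = send("POST", env + "/applications", {
        "name": app_name, "enabled": True, "type": "NATIVE_APP",
        "protocol": "OPENID_CONNECT", "grantTypes": ["AUTHORIZATION_CODE"],
        "responseTypes": ["CODE"], "tokenEndpointAuthMethod": "NONE",
        "pkceEnforcement": "S256_REQUIRED",
        "redirectUris": ["com.example.demo://callback"]})  # constructed URI
    # Step 2: pick the resource server to grant (assumed to be named "openid").
    resources = send("GET", env + "/resources")["_embedded"]["resources"]
    resource_id = next(r["id"] for r in resources if r["name"] == "openid")
    # Step 3: resolve scope names to IDs; fail rather than grant a partial set.
    scopes = send("GET", f"{env}/resources/{resource_id}/scopes")["_embedded"]["scopes"]
    wanted = [{"id": s["id"]} for s in scopes if s["name"] in scope_names]
    if len(wanted) != len(scope_names):
        raise LookupError("a requested scope is not defined on the resource")
    # Step 4: grant only those scopes to the application.
    send("POST", f"{env}/applications/{app['id']}/grants",
         {"resource": {"id": resource_id}, "scopes": wanted})
    # Step 5: create the sign-on policy.
    policy = send("POST", env + "/signOnPolicies", {"name": policy_name, "default": False})
    # Step 6: add the MFA action (path as written in step 6 above).
    send("POST", f"{env}/signOnPolicies/{policy['id']}",
         {"priority": 1, "type": "MULTI_FACTOR_AUTHENTICATION", **(mfa_settings or {})})
    # Step 7: assign the policy to the application.
    send("POST", f"{env}/applications/{app['id']}/signOnPolicyAssignments",
         {"priority": 1, "signOnPolicy": {"id": policy["id"]}})
    return {"appID": app["id"], "resourceID": resource_id, "policyID": policy["id"]}
```

Call it as `configure_mfa_app(http_send(token), env_id, ...)` with the worker app's access token from the prerequisites; pass any additional MFA action fields your environment requires through `mfa_settings`.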