PingOne MFA

Tour the Product

Meet PingOne MFA

With account takeover attacks, compromised credentials, and fraud on the rise, the potential for identity theft is real. Protecting customers starts with a high level of assurance in their identity when they sign on to your application or website. PingOne MFA is a cloud-based multi-factor authentication service that enables you to know that your users are who they say they are while providing frictionless experiences.

Supported authentication methods include mobile push, email OTP, SMS OTP, TOTP authenticator apps, QR codes, magic links, FIDO2-bound biometrics, and security keys.

How it Works

With PingOne MFA, you can embed MFA directly into your mobile application(s) or integrate it with your website—enabling your customers to easily and securely log in from their trusted devices. The set-up is simple and starts with configuring a sign-on policy, associating that policy with your web apps, and then customizing notifications. From there, you can configure the allowed authentication methods, adaptive authentication, and more.

With PingOne MFA you can:

Authenticate identity without introducing friction

Ensure the security of your end users and assets

Easily manage and optimize authentication experiences

User Journey Alignment

PingOne MFA is integral to the “Authenticated” stage of the user journey.

Convenient Authentication Methods

PingOne MFA provides a variety of authentication methods that protect customers and don't add unnecessary friction to their experience. Customers can choose to authenticate by swiping, tapping, or using fingerprint or facial recognition via a secure push notification from their mobile device or using FIDO2-bound biometrics on their laptop or security keys. They can alternatively use a magic link, scan a QR code, or enter a one-time passcode sent to their email or SMS to verify their identity.

Customer experience versus security level with different authentication types Mobile push FIDO Authentication App SMS OTP and Email OTP

Adaptive Authentication Removes Friction

When customers have friction in their user experience, they’re more likely to abandon your application or website. Removing friction means making security visible only when it’s needed, for example, customers accessing certain applications or performing high-risk, high-value transactions. PingOne MFA reduces the need for your customers to complete an MFA challenge by leveraging adaptive policies and integrating with Ping’s cloud-based risk management service to look at usage patterns, context, and behaviors so that they’re only prompted when MFA is necessary.

Passwordless (and Usernameless) Authentication

Passwordless authentication may seem like a radical concept, but it actually borrows from and builds upon the same principles as adaptive MFA. For example, you could combine username only (no password) with a lower friction method of authentication (such as a device-based biometric or a swipe) when a user is accessing non-sensitive resources in a typical manner. You may be more ready to start your journey to passwordless authentication than you realize. When paired with PingOne DaVinci, you’ll get out-of-the-box passwordless flows to get you started.

Then and Now graphic Then we used passwords and now we use passwordless

PingOne User dashboard showing choices for allowing different types of multifactor authentication

Simplify Administration

Make it easy for administrators to set up and manage authentication flows. PingOne MFA gives you the flexibility to choose between configuring policies in the administration console or using developer-friendly APIs. Either way, administrators can create separate sign-on policies per application and leverage risk management capabilities to verify customer identity via adaptive authentication. Plus, you can give developers a head start with sample code and authenticator applications to rapidly integrate MFA into the customer experience.

Embed MFA into Your Mobile App

It’s easy to embed multi-factor authentication capabilities natively into your own iOS or Android mobile application. This allows you to deliver convenient and secure MFA to your customers without requiring them to download a separate application. Device authorization behind the scenes can provide an additional layer of security without introducing friction when a user logs into your mobile application, resulting in a seamless authentication experience.

Image showing two mobile devices On the left the device is showing a notification for a sign in request On the right the device is displaying a prompt that MFA Required

Benefits & Features

Customer-friendly authentication methods

Self-service portal for adding/removing devices and setting MFA preferences

Leverage risk signals for adaptive authentication

Customized branding for consistency and reliability

Developer-friendly APIs and SDK for embedding MFA into your apps

Implement transaction approvals for high-value or high-risk actions

Dashboard for MFA usage and SMS costs

Included as part of total authentication solution with PingOne for Customers plus and premium

Enables passwordless authentication

Business Value

Increase revenue

Minimize friction
in the user
experience

Prevent fraud

Flexible Deployment Options

PingOne MFA can be deployed as:

PingOne Services - Multi-tenant SaaS

Learn More About Our Deployment Options

Platform Alignment

PingOne MFA is an integral part of the PingOne Cloud Platform and is essential to the “Authenticate” phase of the identity and access management user journey.

Learn More About Our Platform