PingMe for Mobile Users Only
  • 30 Mar 2022
  • 1 Minute to read
  • Dark
    Light

PingMe for Mobile Users Only

  • Dark
    Light

Article Summary

Configuring PingMe Authentication for Mobile Users Only

Use case: Tenant Administrator is creating a PingMe Authentication Policy, and only wants to include those users whose mobile device is registered in the system.

How to do this: This is done via this two-step process:

  1. Create a Connect Action Set to set an attribute for each user that has a mobile device registered in RapidIdentity.

  2. Create an Authentication Policy and enable PingMe in the Authentication Methods tab.
    Enable in Authentication Methods.png

To associate this policy with only those users who have a mobile device registered, create an LDAP filter under the Criteria Tab, and filter on the attribute used to represent the registered mobile device.
We recommend including other attributes to further restrict this policy for specific users.

We recommend configuring this policy to get processed before less secure or less preferable policies. This can be done by moving the PingMe policy up the list of Authentication Policies so that it is processed before Password or Challenge.
Move PingMe Up.png

Connect Action Set

Your Action Set may differ, but here is the generic Logic Flow for the Action Set to set the attribute used in this policy:

  • Get Mobile Devices
    • Iterate
      • Are there users associated with the device?
        • Iterate Users
          • Set updateRecord with device ID, add to Update Queue
      • Are there users in RICloud with this device ID that are no longer associated with device?
        • Query RICloud for device ID’s, check to see in current list of associated users with device
          • Set updateRecord with null device ID add to Update Queue
      • Is the device not associated with any users?
        • Get RICloud users with device ID assigned
          • Set update Record with null device ID, add to Update Queue
      • Check more results available from API, query for next page if necessary
    • Update
      • hasRecordChanged
        • update

Sample Action Set

FnCheckMobileDeviceEnrollment_SAMPLE.xml


Was this article helpful?