- 30 Mar 2022
- 1 Minute to read
- Print
- DarkLight
PingMe for Mobile Users Only
- Updated on 30 Mar 2022
- 1 Minute to read
- Print
- DarkLight
Configuring PingMe Authentication for Mobile Users Only
Use case: Tenant Administrator is creating a PingMe Authentication Policy, and only wants to include those users whose mobile device is registered in the system.
How to do this: This is done via this two-step process:
Create a Connect Action Set to set an attribute for each user that has a mobile device registered in RapidIdentity.
Create an Authentication Policy and enable PingMe in the Authentication Methods tab.
To associate this policy with only those users who have a mobile device registered, create an LDAP filter under the Criteria Tab, and filter on the attribute used to represent the registered mobile device.
We recommend including other attributes to further restrict this policy for specific users.
We recommend configuring this policy to get processed before less secure or less preferable policies. This can be done by moving the PingMe policy up the list of Authentication Policies so that it is processed before Password or Challenge.
Connect Action Set
Your Action Set may differ, but here is the generic Logic Flow for the Action Set to set the attribute used in this policy:
- Get Mobile Devices
- Iterate
- Are there users associated with the device?
- Iterate Users
- Set updateRecord with device ID, add to Update Queue
- Iterate Users
- Are there users in RICloud with this device ID that are no longer associated with device?
- Query RICloud for device ID’s, check to see in current list of associated users with device
- Set updateRecord with null device ID add to Update Queue
- Query RICloud for device ID’s, check to see in current list of associated users with device
- Is the device not associated with any users?
- Get RICloud users with device ID assigned
- Set update Record with null device ID, add to Update Queue
- Get RICloud users with device ID assigned
- Check more results available from API, query for next page if necessary
- Are there users associated with the device?
- Update
- hasRecordChanged
- update
- hasRecordChanged
- Iterate