Qodex.ai

Configure an MFA Sign-On Policy with an Authenticator App

Number of APIs: 7

This activity shows you how to define a native application, create an MFA sign-on policy that enables MFA using an authenticator application, and assign the sign-on policy to the application.

This scenario illustrates the following common operations supported by the PingOne APIs:

  • Create an application
  • Assign a resource grant to the application
  • Create a sign-on policy
  • Create a sign-on policy MFA action
  • Assign a sign-on policy to an application

Prerequisites

Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.

Workflow order of operations

To create the application and specify its sign-on policy:

  1. Make a POST request to the /environments/{{envID}}/applications endpoint to define a native application.

  2. Make a GET request to /environments/{{envID}}/resources to get the list of available resource server IDs.

  3. Make a get request to /environments/{{envID}}/resources/{{resourceID}}/scopes to get the OIDC scopes for the resource grant.

  4. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to assign a resource grant to the application.

  5. Make a POST request to the /environments/{{envID}}/signOnPolicies endpoint to create a new sign-on policy.

  6. Make a POST request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}} to create an MFA sign-on policy action for the new sign-on policy.

  7. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to assign the MFA sign-on policy with the new application.

  1. Step 3: Get all OIDC Scopes GET {{apiPath}}/environments/{{envID}}/resources/{{openidResourceID}}/scopes

  2. Step 1: Create a native application POST {{apiPath}}/environments/{{envID}}/applications

  3. Step 2: Get all resources GET {{apiPath}}/environments/{{envID}}/resources

  4. Step 4: Assign a resource grant to the application POST {{apiPath}}/environments/{{envID}}/applications/{{mfaNativeAppId}}/grants

  5. Step 5: Create an MFA sign-on policy POST {{apiPath}}/environments/{{envID}}/signOnPolicies

  6. Step 6: Create a sign-on policy MFA action POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{mfaPolicyID}}/actions

  7. Step 7: Assign the MFA sign-on policy to the application POST {{apiPath}}/environments/{{envID}}/applications/{{mfaNativeAppId}}/signOnPolicyAssignments