The following steps demonstrate, how to set up an OIDC connection within the PingIdentity PingOne Console that leverages AuthID's biometric authentication platform. The steps to fully integrate authID are as follows:

• Create a new integration in the authID Identity Portal.
• Configure authID as an External IDP within the PingOne console.
• Create an access policy using the IDP.
• Apply the access policy to an application.

Add Identity Provider

1. Navigate to the Connections > External IDPs section from the user dashboard and click labeled Add Provider.

2. Select the tile marked OpenID Connect.

3. Enter a name for the IDP. The description, icon, and login configuration are optional.

5. Use the saved values from users' AuthID integration to fill out the Client ID and the Client Secret fields. Use the following value for the Discovery Document URI, or fill out the fields manually. The authID OIDC service supports both Basic and POST for token authentication, so choose the best option to suit users' needs.

<https://id.authid.ai/oidc/web/.well-known/openid-configuration>

6. Next, users can map any attributes to use. Click Save & Finish to complete the setup.

7. Be sure to enable the Identity Provider after completing the setup, click on the toggle on the right-hand side.

Add Authentication Policy

Authentication policies are used to control access to applications using the identity provider you have just created. Users have flexibility depending on when and where the users can apply the policy. This section will cover two experiences: Identifier First and External Identity Provider. To begin, navigate to the Experiences > Policies > Authentication section of your dashboard and click the Add Policy button. You can also edit existing policies if you prefer.

Identifier First

This mode prompts a user to click the button for the external IDP that was created earlier by selecting it from the list under Presented Identity Providers.

Alternatively, users can turn on Discovery Rules to automatically route to the IDP if a user's email address matches a given domain.

External Identity Provider

This mode presents the IDP immediately instead of showing the Ping login experience. This is useful for requiring additional biometric authentication for individual applications without prompting users for additional input.

Select the IDP, created earlier and select it from the list under External Identity Provider. If users are using this mode, make sure to check the box labeled Pass user context to provider so that users do not have to enter their identifier twice.

Apply the Policy

To test the effect of the policy, you can assign it to an application where it is automatically goes into effect. For this example, we will apply the policy to the Application Portal. Navigate to the Connections > Applications section on the user dashboard and click the PingOne Application Portal from the list to open up the editor.

Select the policy the user created earlier by checking the box, and click save to apply it.

Test the user's new policy by navigating to the Application Portal and signing in. Users must see the authID experience presented, where users are then guided to complete their authentication.