Account Access Integration - Ping Identity (MFA)

Moveworks' Account Access skill provides employees secure, self-service ways for users to resolve their multi-factor authentication (MFA) issues and can be integrated with Ping Identity to do so.

Ping Identity MFA Reset

The Moveworks bot has the ability to aid users in registering a new device for MFA if they no longer have access to the currently registered device in Ping Identity. This use case usually occurs when:

  1. A user purchased a new phone or lost their current phone.
  2. A user has a new phone number or email address.

As a security measure, Moveworks will always direct users to your Ping instance when entering new phone numbers or scanning QR codes. Moveworks will not process Ping ID authentication codes in any way.

Moveworks MFA Reset Business Logic


Note: In-bot MFA reset may differ slightly based on the chat platform Moveworks is installed to.

  1. The flow starts when a user either files a ticket in the Service Portal or comes to the bot directly to request a reset of their PingID factor.
  1. Moveworks will recognize that the user is having issues with authenticating their current PingID factor and will let the user know that Moveworks can help to enroll a new PingID factor.
  2. After confirming, the user will be presented with all their currently configured PingID factors (this can be SMS, email, phone call, push, etc.).
  1. After selecting one or more factors to reset, a ticket will be filed in the backend that contains all the details of the user’s request. Moveworks will remove the selected device(s) from the user’s configured devices.
  1. The user is then presented with a link directing them to set up a new PingID factor. Once they log in with a username and password, they will be prompted to set up a new factor. After this is complete, their new factor will be successfully paired to PingID.