PingID Wiki

 

 

The PingID App provides significant usability and security benefits. Therefore, the PingID App is the recommended Multi-Factor Authentication method for MyID. The App has also been approved for ACP 3 (C3) data by SiemensCERT (Cyber Emergency Readiness Team).

Please avoid using One-time password via SMS as second factor and keep it only as a backup Mutli-Factor Authentication method due to its weak reliability and security shortcomings. Furthermore, the SMS delivery generates high cost for our company. Please foster the ownership culture avoiding them.

 

Why is Multi-Factor Authentication important?

Passwords alone no longer offer sufficient protection. According to a survey, 81 percent of all security incidents are related to stolen, spied or weak passwords. That's the reason why we need to protect access to important and critical company data with strong identity verification. Such verification is also referred to a Multi-Factor Authentication (MFA).

MFA verifies a user's identity by combining two independent factors like for instance Username and Password as first factor with an App Confirmation or SMS one-time password as second factor. The combination of both factors provides a very high level of identity assurance and is therefore mandatory for critical applications.

 

 

 

Security Info
The PingID App enforces your device to be secured. If the app recognizes your device to have a biometric sensor (TouchID, FaceID, Android Biometrics etc.) PingID expects it to be activated on the device, otherwise enrollment is refused. If you use Android for Work (Android Enterprise) you are required to activate the finger print in the profile where the app is installed because this configuration is applied in each profile separately. Below you can find some more details around this aspect.

This behavior is enforced because of the Siemens security policy which MyID applies on all the enrolled devices supporting biometrics. Minimal requirement is iOS 11+ and Android 6.0+.

Please note: Neither the PingID app nor the MyID system stores or processes biometric data. It relies on the mobile device to handle these aspects.

 

 

Curious about PingID? Start using it now!

Would you like to enable PingID immediately to be prepared for the MyID Multi-Factor Authentication? You can use our MyID demo applications on QA and Production systems. Just open it on your PC, select "Two Factor", click on "Login" and you are ready to enroll the PingID app!
Note: Please make sure that you are logged in with your Windows credentials and not with your PKI card as otherwise the activation process will not be enforced.

 

1. Installation of PingID App 

1.1 The PingID App can be downloaded from the Public App Stores as well as from the Siemens internal App Store. Please navigate to your preferred App Store and install the app "PingID".

 

For employees in China: The Google App Store is not available.

 

1.2 Open the PingID App and accept the terms of service.

1.3 The application must be able to send you notifications and must have access to your camera. Please allow this access.

 

Use of Biometrics

PingID is deployed to use the biometric sensors in your mobile device (Touch ID, Face ID or another fingerprint sensor). So, the biometric function in the mobile device must be set up correctly before activating PingID.
If your mobile device does not support the use of biometric authentication methods or you cannot use it, the "One-Time-Password via SMS" method can alternatively be set up. The activation process is described below.

 

 

2. Activation of PingID App

 

2.1 In order to activate the PingID App, you must pair the app with your Siemens account. The activation is a one-time process and we recommend using the MyID Demo web-application for it. We also recommend performing the activation on your workstation and to use URA or Zscaler if you are not working in your Siemens office.

Please ensure you are logged in with your Windows credentials and not with the PKI card, as otherwise the activation process will not be enforced. Close all open browser windows and open the Demo app (myid.siemens.com/demo) in a new browser window.

Please click on "Two-Factor" and "Login":

 

 

2.2 Next click on "Mobile Authentication":

 

 

2.3 In order to continue with the activation process you are first required to authenticate yourself. For the first authentication, please select one of the displayed options to authenticate. In case you select "Smart Card" please ensure your PKI card is inserted in your card reader.

 

 

 

Please note that single options might be grayed out and are not accessible due to active directory settings.
•	Smart Card: Can be used on any device, provided the Smart Card is activated on the device.
•	One-Time Password via SMS: Can be used for business partners or employees. Your mobile phone data must be available in the Siemens Corporate Directory (SCD). 
With regards to business partners please ensure that mobile phone data is entered during the onboarding of the identity in the IAM system. 
•	One-time Password via email (e.g. to your manager or sponsor): This option is applicable if the previous options cannot be used. The line manager or sponsor will receive an 
one-time password by email which they need to pass on to you. As such a password is only valid for a short time, it is essential that the timing of the activation process is aligned with your line manager or sponsor.
Notice: first 30 days after onboarding (creation of a new AD account) the verification of PingID activation is not required.

 

 

2.4 The following window appears. Please click on "I have already installed the PingID app.

 

2.5 In order to finish the activation process, please open the PingID app on your mobile phone and scan the QR code or enter the displayed pairing key manually.

 

 

2.6 Enter your full name and click on "done".

Your PingID app is now ready and can be used for Multi-Factor Authentication.