- 10 Mar 2025
Registering multiple passkeys in Ping using APIs
- Updated on 10 Mar 2025
This article describes how to pre-register multiple user accounts with a FIDO2 passkey in Ping using APIs and CSV files. It will help you to streamline the registration process for multiple users and ensure secure and passwordless authentication with OneSpan security solutions.
Before you begin
- Ensure you have the necessary API credentials and access to the Ping Identity environment.
- Make sure the FIDO2 authentication method is enabled in your PingID or PingOne environment.
- Ensure that the user's browser or device supports WebAuthn and FIDO2 protocols.
Procedure
Create a CSV template with the required headers. The headers should include user details and FIDO2 token information, for example:
    userId,username,email,firstName,lastName,tokenId,tokenType
Populate the CSV file with the user details and corresponding FIDO2 token information. Each line represents a user and the associated token.
    userId,username,email,firstName,lastName,tokenId,tokenType
    user1-id,user1,user1@example.com,First1,Last1,token1-id,FIDO2
    user2-id,user2,user2@example.com,First2,Last2,token2-id,FIDO2
Upload the CSV file using the Ping API. Send a POST request to the /bulkImport endpoint with the CSV file attached.
    curl -X POST "https://your-ping-instance.com/bulkImport" \
      -H "Authorization: Bearer your-access-token" \
      -F "file=@/path/to/your-file.csv"
Initiate the FIDO2 registration for each user. Send a POST request to the /fido2/registrations endpoint and include the user's ID in the request body.
    POST /fido2/registrations
    { "userId": "user-id" }
Handle the registration response. The response will include a challenge and other necessary parameters for the FIDO2 registration ceremony. To complete the registration, pass these parameters to the user's browser or device.
    {
      "challenge": "random-challenge",
      "rp": { "name": "Example RP" },
      "user": {
        "id": "user-id",
        "name": "user@example.com",
        "displayName": "User"
      },
      "pubKeyCredParams": [
        { "type": "public-key", "alg": -7 }
      ]
    }
Complete the registration ceremony.
The user's browser or device will use the provided parameters to generate a credential object. Send this object back to the Ping API to complete the registration.
    POST /fido2/registrations/complete
    {
      "userId": "user-id",
      "credential": {
        "id": "credential-id",
        "rawId": "raw-credential-id",
        "response": {
          "attestationObject": "attestation-object",
          "clientDataJSON": "client-data-json"
        },
        "type": "public-key"
      }
    }
Verify the registration.
The Ping API will verify the registration and store the FIDO2 credential for each user. The users can now authenticate using the associated FIDO2 passkeys.
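A duplicated tokenId or a short row in the CSV would associate a passkey with the wrong account, so it is worth checking the file before the upload step. The Python script below is an added example, not OneSpan or Ping code: it validates a file in the template's format and builds the /fido2/registrations request bodies for the rows that pass. The function names and the three bad sample rows are assumptions made for illustration.

```python
import csv
import io
import json

# Column order from the CSV template in the procedure above.
HEADERS = ["userId", "username", "email", "firstName", "lastName", "tokenId", "tokenType"]

def validate_import(csv_text):
    """Return (rows, errors): rows fit to upload, errors as 'line N: reason'."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != HEADERS:
        return [], ["line 1: header must be " + ",".join(HEADERS)]
    rows, errors = [], []
    seen = {"userId": {}, "tokenId": {}}  # value -> line where first used
    for row in reader:
        n = reader.line_num
        # DictReader files surplus cells under key None and pads short rows with None.
        if None in row or None in row.values():
            errors.append(f"line {n}: wrong number of columns")
            continue
        row = {k: v.strip() for k, v in row.items()}
        problems = [] if all(row.values()) else ["empty field"]
        if row["tokenType"] != "FIDO2":
            problems.append(f"tokenType {row['tokenType']!r} is not FIDO2")
        # A repeated userId or tokenId would bind one account or one token twice.
        for key in seen:
            first = seen[key].setdefault(row[key], n)
            if row[key] and first != n:
                problems.append(f"{key} {row[key]!r} already used on line {first}")
        errors.extend(f"line {n}: {p}" for p in problems)
        if not problems:
            rows.append(row)
    return rows, errors

def registration_requests(rows):
    """JSON bodies for POST /fido2/registrations, one per validated row."""
    return [json.dumps({"userId": r["userId"]}) for r in rows]

# Constructed sample: the page's two rows plus three deliberately bad ones.
SAMPLE = """\
userId,username,email,firstName,lastName,tokenId,tokenType
user1-id,user1,user1@example.com,First1,Last1,token1-id,FIDO2
user2-id,user2,user2@example.com,First2,Last2,token2-id,FIDO2
user3-id,user3,user3@example.com,First3,Last3,token1-id,FIDO2
user4-id,user4,user4@example.com,First4,Last4,token4-id,OTP
user5-id,user5,user5@example.com,First5,Last5
"""
```

Calling `validate_import(SAMPLE)` returns the two valid rows and one error per rejected line; upload only when the error list is empty.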
Additional information
- For more information about the endpoints and parameters, refer to the Ping Identity API documentation.