Sign-on policies determine the account authentication flow users must complete to access applications secured by PingOne services. PingOne provides the following pre-defined sign-on policy configurations:
A sign-on policy that prompts users to enter a username and password to authenticate the account.
A sign-on policy that requires a two-step authentication workflow in which users take the following actions:
Sign-on policies are defined by their associated actions. For example, the
Single-Factor sign-on policy resource uses a defined
LOGIN action that prompts users for a username and password. The
Multi-Factor sign-on policy resource uses a defined
MULTI_FACTOR_AUTHENTICATION action that prompts users to complete a second authentication action, such as entering a one-time password received on a registered device or accepting a push confirmation on a registered native device.
Multi-Factor sign-on policy can also be used to configure a
PASSWORDLESS authentication method. The authentication flow first identifies the user by the
username property and determines the applicable second factor to complete authentication.
The actions associated with a sign-on policy resource can be modified using a
PUT request. The examples that follow show common operations to create and manage sign-on policies resources. You need the Environment Admin role to perform operations on sign-on policy resources.
||The time the resource was created.|
||A boolean that specifies whether this sign-on policy is the environment’s default that is used by applications that do not have application-specific sign-on policy assignments. This property can only be set to
||A string that specifies the description of the sign-on policy.|
||A boolean that specifies whether the sign-on policy is enabled and can be assigned to applications. This property must be set to
||A string that specifies the environment resource’s unique identifier associated with the sign-on policy.|
||A string that specifies the sign-on policy resource’s unique identifier.|
||A string that specifies the resource name. The name must be unique within the environment, and can consist of either a string of alphanumeric letters, underscore, hyphen, period: ^[a-zA-Z0-9_. -]+$ or an absolute URI if the string contains a “:” character.|
||The time the resource was last updated.|
|204||Successfully removed. No content.|
|400||The request could not be completed.|
|404||The requested resource was not found.|