The following changes have been made to the PingOne API.
| Date | Contract change description |
|---|---|
| 10/25/2021 | The notifications settings property, notificationsSettings.defaultLanguage, has been removed from the platform. When required, notifications use the environment’s default language, which is set using the /environments/{{envID}}/languages endpoint. For information about notification content and language selection, see Runtime logic for content selection. For information about an environment’s default language, see Language Management. |
| 10/04/2021 | Ping Identity has added a Canada regional data center, that will provide enhanced performance and response on services for Canadian customers accounts hosted on this data center. Canada data center domains:
|
| 09/30/2021 | The platform now supports the Identity Data Read Only Admin role. See Roles. |
| 09/30/2021 | The platform now supports custom risk predictors. See Risk Advanced Predictors. |
| 09/2/2021 | The platform now supports connecting to external LDAP directories to validate user credentials. See Gateway Management. |
| 08/31/2021 | The platform now supports configuration of your own provider for dispatching SMS notifications. See Phone delivery settings. The phoneDeliverySettings.provider field now supports the new CUSTOM_PROVIDER valid value.The new POST Create Phone Delivery Settings (SMS) and PUT Update Phone Delivery Settings (SMS) operations use the new custom provider phone delivery settings properties:
Note: This implementation uses the POST operation and non-customizable body and headers. It requires customers to create a gateway that receives these requests in their simple, static format, and translates those requests into their custom provider’s supported SMS format. |
| 08/12/2021 | From MFA Native SDK v1.6.0, the platform supports mobile device integrity checks.
|
| 07/29/2021 | The following properties have been added to the risk evaluations details data model: state, city, previousSuccessfulTransaction.state, previousSuccessfulTransaction.city. See Risk evaluations. |
| 07/26/2021 | The platform now supports the Credentials Issuance service, enabling you to create custom verifiable credentials for users. See Credentials Issuance. |
| 07/14/2021 | The platform now supports configuration of your MFA authentication methods according to your security policies, including passcode refresh time (mobile applications), passcode retry attempts, passcode lifetime duration, and device block duration times. See Device authentication policy. |
| 06/30/2021 | The platform now supports dispatching SMS and voice notifications via your organization’s own Syniverse account in place of Ping Identity’s account or your own Twilio account. The phoneDeliverySettings.provider field now supports the new CUSTOM_SYNIVERSE valid value.The fallback option uses the smsProvidersFallbackChain property. For more information see Phone delivery settings. To configure an SMS and voice provider fallback chain see Notifications settings. |
| 06/30/2021 | The platform now supports pairing a phone number as an MFA method using a voice call OTP, and subsequent voice call OTP authentication notifications to paired phone numbers. The following new operations were added:Existing services have been extended to include voice OTP:
|
| 05/06/2021 | The platform now supports just-in-time provisioning of new users who authenticate with a registered authoritative external identity provider. See Identity Provider Management and Users. |
| 05/05/2021 | The platform now provides the number of OTP attempts remaining in the error message detail as part of the Check One-Time Passcode action and Activate MFA User Device action. |
| 04/13/2021 | The platform now provides a Risk Advanced Predictors endpoint to include advanced predictor criteria for risk policies. For more information, see Risk Management, Risk Advanced Predictors, and Risk Policies. |
| 04/08/2021 | If you attempt to create or update a custom content for an existing combination of template, locale, deliveryMethod and variant, you now get an INVALID_DATA/UNIQUENESS_VIOLATION error. |
| 03/24/2021 | The platform now provides a sign-on policy action that bypasses the PingOne sign-on screen and immediately redirects the user to an external identity provider’s sign-on workflow to authenticate. For more information, see Sign-On Policy Actions and External Authentication. |
| 03/19/2021 | The platform now provides a user account management endpoint to unlock a user account. For more information, see User Accounts, Users, Sign-On Policy Actions, MFA Settings, and Flows. |
| 02/23/2021 | The platform now supports the ability to prompt end users with your own legal text during registration and sign on. The platform records a user’s active consent to the document before proceeding with the flow. For more information, see Agreement Management, User Agreement Consents, Sign-On Policy Actions, and Flows. |
| 02/23/2021 | The platform now supports text and language customization for all end user interfaces and notifications. In this initial release, it supports the new Agreements (terms of service) feature. For more information, see Language Management. |
| 02/05/2021 | The Active Identity Counts endpoint GET /environments/{environmentId}/activeIdentityCounts is now deprecated. It is replaced with GET environments/{envID}/metrics/activeIdentityCounts and GET /organizations/{orgID}/licenses/{licenseID}/metrics/activeIdentityCount. |
| 02/03/2021 | The platform now supports groups for users. For more information, see Groups. |
| 02/03/2021 | The platform now includes optional accessControl properties on applications that, when set, specify the conditions that must be met by an authenticating actor to access the application. For more information, see Control access to applications through roles and groups. |
| 02/02/2021 | The platform now supports multiple custom contents for each template + deliveryMethod + locale combination with the variant property. For more information, see Notifications templates. |
| 02/02/2021 | The platform now supports a custom notification with the creation of an email or SMS MFA device. For more information, see Custom device pairing notification with device creation. |
| 02/1/2021 | The platform now includes the PingOne Verify APIs, and the PingOne Verify native SDKs. |
| 01/19/2021 | The platform now includes endpoints to read and update MFA settings. For more information, see MFA Settings. |
| 01/19/2021 | The platform includes support for FIDO2 bound biometrics devices and FIDO2 or U2F security key devices. For more information, see FIDO2 Biometrics Devices. |
| 01/11/2021 | The platform now supports device ordering to create a default active device. For more information, see Device order. |
| 01/08/2021 | The platform now supports external registration, which provides a sign-on action to register a user using an external identity provider’s registration workflow. For more information, see Flows and Sign-On Policy Actions. |
| 12/30/2020 | The platform now supports a maximum allowed devices setting for paired devices and a device nickname property used during authentication. For more information, see Maximum allowed devices and Device properties. |
| 12/14/2020 | The platform now supports risk policy sets and risk evaluations. For more information, see Risk Management. |
| 12/14/2020 | The platform now supports using the token endpoint so that the client can make a token exchange request to the PingOne authorization server. For more information, see Token Exchange (Gateway Credential). |
| 12/09/2020 | The application protocol data model property no longer supports the NONE option. For more information, see Applications. |
| 12/03/2020 | Notifications content variables are now case insensitive. For more information, see Notifications Templates. |
| 10/15/2020 | The platform now supports an alerting service that delivers high-level email warnings about resource states. For more information, see Alerting. |
| 10/13/2020 | The platform now supports a Time-based One-time Password (TOTP) authenticator application device type. For more information, see CREATE MFA User Device (TOTP) and Sign-on Policy Actions. |
| 09/29/2020 | The platform now supports the PingOne MFA product. For more information, see Getting Started with PingOne MFA. |
| 09/22/2020 | The platform now supports the ability to select and customize the branding themes that you can apply to your sign-on screens. For more information, see Branding. |
| 09/21/2020 | The platform now supports self-management access control scopes that allow organizations to specify which user profile attributes are accessible to end users. For more information, see Access services through scopes and roles and Resource scopes. |
| 09/14/2020 | The platform now includes endpoints to manage Yahoo, Microsoft, GitHub, and PayPal external identity provider configurations. For more information, see Identity providers. |
| 07/21/2020 | The platform now supports the ability to configure a trusted email domain for each environment. A trusted email domain with its associated email addresses enable PingOne to send emails on your organization’s behalf. For more information see Trusted email domains and Trusted email addresses. |
| 07/07/2020 | The platform now supports configuration of sign-on policies to determine whether MFA is required for authentication requests detected as originating from an anonymous network such as an unknown VPN, proxy or anonymity communication tool such as Tor. It is possible to exclude specific IP addresses using a whitelist. See the anonymousNetwork condition in the Condition Variables table in the Sign-on Policy Actions page. |
| 06/25/2020 | The platform now includes endpoints to manage Apple external identity provider configurations. For more information, see Identity providers. |
| 06/24/2020 | The platform now includes endpoints to manage Amazon external identity provider configurations. For more information, see Identity providers. |
| 06/24/2020 | The platform now includes endpoints to manage Twitter external identity provider configurations. For more information, see Identity providers. |
| 06/16/2020 | The platform now supports despatching SMS notifications via your organization’s own Twilio account in place of Ping Identity’s account. This also allows for the option of falling back to Ping’s account in the event of notification failure, using the new smsProvidersFallbackChain property. For more information see Phone delivery settings. See Notifications settings to configure an SMS provider fallback chain. |
| 06/16/2020 | The platform now supports transaction approval when strong authentication is required for elevated security for a high value transaction, or high risk resource or service. This includes use of the new request property in the following OIDC operations: GET Authorize (authorization_code), POST Authorize (authorization_code), GET Authorize (implicit) and POST Authorize (implicit). Transaction approval also permits use of the new allowDynamicVariables property in Notifications templates. |
| 06/16/2020 | From Native SDK v1.3.0, the platform supports extra verification on device authorization. For more information see the extraVerification property in Sign-on policy actions. |
| 05/05/2020 | The platform now provides an interface for third-party auditing tools to subscribe to and consume PingOne audit activity events. For more information, see Subscriptions (webhooks). |
| 04/30/2020 | The platform now supports a token revocation endpoint. For more information, see Token revocation. |
| 04/15/2020 | The platform now supports an identity-provider initiated SAML authentication single sign-on flow. For more information, see SAML 2.0. |
| 04/15/2020 | The sign-on policy service now includes an IDENTIFIER_FIRST sign-on policy action. For more information, see Sign-on policy actions. |
| 04/03/2020 | The sign-on policy service now includes a PROGRESSIVE_PROFILING sign-on policy action. For more information, see Sign-on policy actions. |
| 04/03/2020 | The licenses and capabilities services now include properties that designate whether the license allows the creation of custom domains. For more information, see Licensing and Capabilities. |
| 04/03/2020 | The flow service has changed so that a session token cookie is set only after the identity of the user has been partially established. For more information, see Identity providers. |
| 04/03/2020 | The platform now includes endpoints to manage OpenID Connect external identity provider configurations. For more information, see Identity providers. |
| 03/31/2020 | The platform now supports configuration of sign-on policies to determine whether MFA is required for authentication requests detected as having high-risk IP reputation and geovelocity anomalies. See the geovelocity and IP reputation Condition variables on the Sign-on policy actions page. |
| 03/31/2020 | From Native SDK v1.2.0, the platform includes the ability to get logs from authenticating user native devices for investigation and support. See Devices API operations on the Devices page. |
| 03/31/2020 | From Native SDK v1.2.0, the platform includes the ability to send logs from authenticating user native devices to the PingOne server, for investigation and support. |
| 03/31/2020 | From Native SDK v1.2.0, the platform supports automatic device authentication. See PingOne Native SDK flows. |
| 03/13/2020 | The platform now includes an identity propagation API that provides for configurable and audit-capable propagation of identities and their attributes between identity stores owned or managed by a customer. For more information, see Identity propagation. |
| 03/11/2020 | The platform now includes an identity provider discovery login flow that initiates actions to identify the user and determine the applicable authentication methods for this user. For more information, see Identifier first action and Get a flow. |
| 03/11/2020 | The platform now includes a progressive profiling authentication flow that prompts users to provide additional data at sign on. For more information, see Progressive profiling action and Submit profile data. |
| 02/19/2020 | The set password action now includes an optional bypassPolicy property that specifies whether the user’s password policy should be ignored. For more information, see Set password. |
| 02/10/2020 | The platform now includes an endpoint to view and license capabilities. For more information, see Capabilities. |
| 01/13/2020 | The platform now includes an endpoint to view and update the name property value for a license. For more information, see Licensing. |
| 12/17/2019 | The platform now supports a token introspection endpoint. For more information, see Token introspection. |
| 12/10/2019 | The platform now supports password policy customization. For more information, see Password policies. |
| 12/10/2019 | The platform now supports configuration of a Proof Key for Code Exchange (PKCE) authorization workflow. For more information, see OpenID Connect/OAuth 2 and Configure a PKCE authorization workflow. |
| 12/10/2019 | The platform now supports custom domains. For more information, see Custom domains. |
| 12/10/2019 | The platform now includes endpoints to manage LinkedIn external identity provider configurations. For more information, see Identity providers. |
| 12/10/2019 | The platform now includes endpoints to customize ID tokens for a OIDC applications. For more information, see Attribute mapping. |
| 12/09/2019 | The Native SDK supports automatic enrollment through OIDC authentication. |
| 10/10/2019 | The Native SDK sample app for Android now has notification banners. |
| 10/10/2019 | The Native SDK Android component dependencies have been updated: the Nimbus library has been replaced by Jose4J. See Pingone Native SDK > Android > Set up a native app using the PingOne SDK sample code > Add the PingOne SDK component into your existing project. |
| 10/10/2019 | The iOS Native SDK API now requires Swift 5.1. See Pingone Native SDK > iOS > Set up a native app using the PingOne SDK sample code > Xcode integration for software prerequisites. |
| 10/10/2019 | Logs appeared in the Android developer console. This has been resolved so that they no longer appear. (P14CMFA-3242) |
| 10/03/2019 | The platform now includes endpoints to view authentication statistics on a per application basis. For more information, see Authentications per application. |
| 08/30/2019 | The platform now includes endpoints to manage Google external identity provider configurations. For more information, see Identity providers. |
| 08/30/2019 | The platform now supports access token customization. For more information, see Access token customization. |
| 08/19/2019 | The platform now includes a basic password policy to allow for maximum customer flexibility. For more information, see Password policies. |
| 08/14/2019 | Sign-on policy action condition attributes now require camelCase syntax for attribute names (for example, ipRange, secondsSince). For more information, see Sign-on policy actions. |
| 07/31/2019 | The platform now supports the refresh_token grant type. For more information, see Access tokens and ID tokens and Obtain an access token. |
| 07/31/2019 | The platform now supports a native SDK that allows developers to send push notifications to custom native applications for multi-factor authentication (MFA). For more information, see Pairing keys, Android PingOne Native SDK API, and iOS PingOne Native SDK API. |
| 07/31/2019 | The following template IDs (see Notifications templates) have changed:
GET /environments/{envId}/templates endpoint will return the new template IDs, instead of the old ones. The deprecated offline_pairing and offline_authentication template IDs are still supported for backward compatibility, but will be unsupported at a future date. |
| 07/02/2019 | The platform now includes endpoints to manage external identity provider configurations that enable social login and inbound SAML login features in PingOne. It also includes endpoints to manage a user’s links to external identity provider accounts. For more information, see Identity providers and Linked accounts. |
| 6/25/2019 | The platform now includes endpoints to get information about the licenses associated with an organization. For more information, see Licensing. |
| 6/25/2019 | The platform now includes endpoints to get information about active identity counts and total identity counts. For more information, see Active identity counts and Total identities. |
| 06/13/2019 | The file import feature is temporarily disabled. It will be enabled in a future release. |
| 04/15/2019 | The platform now supports a passwordless authentication flow. For more information, see Sign-on with a username and Configure a passwordless sign-on policy. |
| 04/01/2019 | PATCH requests that modify custom JSON user attributes are replaced completely. For more information, see Users: Partial update. |
| 04/01/2019 | Sign on policy actions now support a policy condition language that allows both logical and data rules to construct a policy condition statement. For more information, see Sign-on policy action conditions. |
| 03/25/2019 | Platform scopes, such as p1:read:env:user, p1:create:env:device, and p1:update:env:population, have been removed. In order to access platform APIs, you must create a new WORKER application type. For more information, see Access through scopes and roles. |
| 03/25/2019 | Scopes with “self” in the name have been renamed. Example: p1:reset:self:userPassword is now p1:reset:userPassword. For more information, see Access through scopes and roles. |
| 03/01/2019 | The SAML attribute mappings data model now includes a mappingType attribute to identify CORE, SCOPE and CUSTOM mapping types. For more information, see Attribute mapping. |
| 02/18/2019 | The following templates are available for use with notifications templates: verification_code_template, recovery_code_template, offline_authentication, and offline_pairing. For more information, see Notifications templates and Notifications settings. |
| 01/28/2019 | The flow service no longer uses the /step/{stepId} sub-resource, and it no longer shows multiple statuses and nested embedded resources. The status property in the flow response contains all information about the flow’s current state. For more information, see Flows. |
| 01/22/2019 | Audit reporting supports a POST operation to retrieve audit events without exposing sensitive or personal filtering information in a GET request URL. The required SCIM filtering expression is specified in the POST request body. For more information, see Get audit activities using POST. |
| 01/21/2019 | The data model for SAML application settings requires a leading dollar sign ($) when specifying the expression in the value attribute. For example, "value": "${user.username}". For more information, see Applications SAML settings data model. |
| 01/11/2019 | The GET /environments/{environmentId}/activities endpoint no longer supports the in (includes) SCIM operator. For more information, see Audit activities and events. |
For more information about PingOne product updates, see Announcements.