The following changes have been made to the PingOne API.

Date Contract change description
08/12/2021 From MFA Native SDK v1.6.0, the platform supports mobile device integrity checks.
  • The native device’s rooted property is deprecated, and is replaced by deviceIntegrityState. See Native Device Properties in MFA devices.
  • The application’s packageName and bundleId properties have been moved to the new mobile object. See Applications.
  • The pairing key object has a new error property, and the status property has the new FAILED value. See MFA pairing keys.
07/29/2021 The following properties have been added to the risk evaluations details data model: state, city, previousSuccessfulTransaction.state, previousSuccessfulTransaction.city. See Risk evaluations.
07/26/2021 The platform now supports the Credentials Issuance service, enabling you to create custom verifiable credentials for users. See Credentials Issuance.
07/14/2021 The platform now supports configuration of your MFA authentication methods according to your security policies, including passcode refresh time (mobile applications), passcode retry attempts, passcode lifetime duration, and device block duration times. See Device authentication policy.
06/30/2021 The platform now supports dispatching SMS and voice notifications via your organization’s own Syniverse account in place of Ping Identity’s account or your own Twilio account.
The phoneDeliverySettings.provider field now supports the new CUSTOM_SYNIVERSE valid value.
The fallback option uses the smsProvidersFallbackChain property. For more information see Phone delivery settings. To configure an SMS and voice provider fallback chain see Notifications settings.
06/30/2021 The platform now supports pairing a phone number as an MFA method using a voice call OTP, and subsequent voice call OTP authentication notifications to paired phone numbers.
The following new operations were added:Existing services have been extended to include voice OTP:
  • Support for voice OTP as an MFA method in a sign-on policy. See the voice and voice.enabled properties in the MULTI_FACTOR_AUTHENTICATION action data model in Sign-On Policy Actions.
  • Support for voice as one of the Notification Template’s deliveryMethods, and custom notification with the creation of an SMS, voice or email MFA device. For more information, see Custom device pairing notification with device creation.
05/06/2021 The platform now supports just-in-time provisioning of new users who authenticate with a registered authoritative external identity provider. See Identity Provider Management and Users.
05/05/2021 The platform now provides the number of OTP attempts remaining in the error message detail as part of the Check One-Time Passcode action and Activate MFA User Device action.
04/13/2021 The platform now provides a Risk Advanced Predictors endpoint to include advanced predictor criteria for risk policies. For more information, see Risk Management, Risk Advanced Predictors, and Risk Policies.
04/08/2021 If you attempt to create or update a custom content for an existing combination of template, locale, deliveryMethod and variant, you now get an INVALID_DATA/UNIQUENESS_VIOLATION error.
03/24/2021 The platform now provides a sign-on policy action that bypasses the PingOne sign-on screen and immediately redirects the user to an external identity provider’s sign-on workflow to authenticate. For more information, see Sign-On Policy Actions and External Authentication.
03/19/2021 The platform now provides a user account management endpoint to unlock a user account. For more information, see User Accounts, Users, Sign-On Policy Actions, MFA Settings, and Flows.
02/23/2021 The platform now supports the ability to prompt end users with your own legal text during registration and sign on. The platform records a user’s active consent to the document before proceeding with the flow. For more information, see Agreement Management, User Agreement Consents, Sign-On Policy Actions, and Flows.
02/23/2021 The platform now supports text and language customization for all end user interfaces and notifications. In this initial release, it supports the new Agreements (terms of service) feature. For more information, see Language Management.
02/05/2021 The Active Identity Counts endpoint GET /environments/{environmentId}/activeIdentityCounts is now deprecated. It is replaced with GET environments/{envID}/metrics/activeIdentityCounts and GET /organizations/{orgID}/licenses/{licenseID}/metrics/activeIdentityCount.
02/03/2021 The platform now supports groups for users. For more information, see Groups.
02/03/2021 The platform now includes optional accessControl properties on applications that, when set, specify the conditions that must be met by an authenticating actor to access the application. For more information, see Control access to applications through roles and groups.
02/02/2021 The platform now supports multiple custom contents for each template + deliveryMethod + locale combination with the variant property. For more information, see Notifications templates.
02/02/2021 The platform now supports a custom notification with the creation of an email or SMS MFA device. For more information, see Custom device pairing notification with device creation.
02/1/2021 The platform now includes the PingOne Verify APIs, and the PingOne Verify native SDKs.
01/19/2021 The platform now includes endpoints to read and update MFA settings. For more information, see MFA Settings.
01/19/2021 The platform includes support for FIDO2 bound biometrics devices and FIDO2 or U2F security key devices. For more information, see FIDO2 Biometrics Devices.
01/11/2021 The platform now supports device ordering to create a default active device. For more information, see Device order.
01/08/2021 The platform now supports external registration, which provides a sign-on action to register a user using an external identity provider’s registration workflow. For more information, see Flows and Sign-On Policy Actions.
12/30/2020 The platform now supports a maximum allowed devices setting for paired devices and a device nickname property used during authentication. For more information, see Maximum allowed devices and Device properties.
12/14/2020 The platform now supports risk policy sets and risk evaluations. For more information, see Risk Management.
12/14/2020 The platform now supports using the token endpoint so that the client can make a token exchange request to the PingOne authorization server. For more information, see Token Exchange (Gateway Credential).
12/09/2020 The application protocol data model property no longer supports the NONE option. For more information, see Applications.
12/03/2020 Notifications content variables are now case insensitive. For more information, see Notifications Templates.
10/15/2020 The platform now supports an alerting service that delivers high-level email warnings about resource states. For more information, see Alerting.
10/13/2020 The platform now supports a Time-based One-time Password (TOTP) authenticator application device type. For more information, see CREATE MFA User Device (TOTP) and Sign-on Policy Actions.
09/29/2020 The platform now supports the PingOne MFA product. For more information, see Getting Started with PingOne MFA.
09/22/2020 The platform now supports the ability to select and customize the branding themes that you can apply to your sign-on screens. For more information, see Branding.
09/21/2020 The platform now supports self-management access control scopes that allow organizations to specify which user profile attributes are accessible to end users. For more information, see Access services through scopes and roles and Resource scopes.
09/14/2020 The platform now includes endpoints to manage Yahoo, Microsoft, GitHub, and PayPal external identity provider configurations. For more information, see Identity providers.
07/21/2020 The platform now supports the ability to configure a trusted email domain for each environment. A trusted email domain with its associated email addresses enable PingOne to send emails on your organization’s behalf. For more information see Trusted email domains and Trusted email addresses.
07/07/2020 The platform now supports configuration of sign-on policies to determine whether MFA is required for authentication requests detected as originating from an anonymous network such as an unknown VPN, proxy or anonymity communication tool such as Tor. It is possible to exclude specific IP addresses using a whitelist. See the anonymousNetwork condition in the Condition Variables table in the Sign-on Policy Actions page.
06/25/2020 The platform now includes endpoints to manage Apple external identity provider configurations. For more information, see Identity providers.
06/24/2020 The platform now includes endpoints to manage Amazon external identity provider configurations. For more information, see Identity providers.
06/24/2020 The platform now includes endpoints to manage Twitter external identity provider configurations. For more information, see Identity providers.
06/16/2020 The platform now supports despatching SMS notifications via your organization’s own Twilio account in place of Ping Identity’s account. This also allows for the option of falling back to Ping’s account in the event of notification failure, using the new smsProvidersFallbackChain property. For more information see Phone delivery settings. See Notifications settings to configure an SMS provider fallback chain.
06/16/2020 The platform now supports transaction approval when strong authentication is required for elevated security for a high value transaction, or high risk resource or service. This includes use of the new request property in the following OIDC operations: GET Authorize (authorization_code), POST Authorize (authorization_code), GET Authorize (implicit) and POST Authorize (implicit). Transaction approval also permits use of the new allowDynamicVariables property in Notifications templates.
06/16/2020 From Native SDK v1.3.0, the platform supports extra verification on device authorization. For more information see the extraVerification property in Sign-on policy actions.
05/05/2020 The platform now provides an interface for third-party auditing tools to subscribe to and consume PingOne audit activity events. For more information, see Subscriptions (webhooks).
04/30/2020 The platform now supports a token revocation endpoint. For more information, see Token revocation.
04/15/2020 The platform now supports an identity-provider initiated SAML authentication single sign-on flow. For more information, see SAML 2.0.
04/15/2020 The sign-on policy service now includes an IDENTIFIER_FIRST sign-on policy action. For more information, see Sign-on policy actions.
04/03/2020 The sign-on policy service now includes a PROGRESSIVE_PROFILING sign-on policy action. For more information, see Sign-on policy actions.
04/03/2020 The licenses and capabilities services now include properties that designate whether the license allows the creation of custom domains. For more information, see Licensing and Capabilities.
04/03/2020 The flow service has changed so that a session token cookie is set only after the identity of the user has been partially established. For more information, see Identity providers.
04/03/2020 The platform now includes endpoints to manage OpenID Connect external identity provider configurations. For more information, see Identity providers.
03/31/2020 The platform now supports configuration of sign-on policies to determine whether MFA is required for authentication requests detected as having high-risk IP reputation and geovelocity anomalies. See the geovelocity and IP reputation Condition variables on the Sign-on policy actions page.
03/31/2020 From Native SDK v1.2.0, the platform includes the ability to get logs from authenticating user native devices for investigation and support. See Devices API operations on the Devices page.
03/31/2020 From Native SDK v1.2.0, the platform includes the ability to send logs from authenticating user native devices to the PingOne server, for investigation and support.
03/31/2020 From Native SDK v1.2.0, the platform supports automatic device authentication. See PingOne Native SDK flows.
03/13/2020 The platform now includes an identity propagation API that provides for configurable and audit-capable propagation of identities and their attributes between identity stores owned or managed by a customer. For more information, see Identity propagation.
03/11/2020 The platform now includes an identity provider discovery login flow that initiates actions to identify the user and determine the applicable authentication methods for this user. For more information, see Identifier first action and Get a flow.
03/11/2020 The platform now includes a progressive profiling authentication flow that prompts users to provide additional data at sign on. For more information, see Progressive profiling action and Submit profile data.
02/19/2020 The set password action now includes an optional bypassPolicy property that specifies whether the user’s password policy should be ignored. For more information, see Set password.
02/10/2020 The platform now includes an endpoint to view and license capabilities. For more information, see Capabilities.
01/13/2020 The platform now includes an endpoint to view and update the name property value for a license. For more information, see Licensing.
12/17/2019 The platform now supports a token introspection endpoint. For more information, see Token introspection.
12/10/2019 The platform now supports password policy customization. For more information, see Password policies.
12/10/2019 The platform now supports configuration of a Proof Key for Code Exchange (PKCE) authorization workflow. For more information, see OpenID Connect/OAuth 2 and Configure a PKCE authorization workflow.
12/10/2019 The platform now supports custom domains. For more information, see Custom domains.
12/10/2019 The platform now includes endpoints to manage LinkedIn external identity provider configurations. For more information, see Identity providers.
12/10/2019 The platform now includes endpoints to customize ID tokens for a OIDC applications. For more information, see Attribute mapping.
12/09/2019 The Native SDK supports automatic enrollment through OIDC authentication.
10/10/2019 The Native SDK sample app for Android now has notification banners.
10/10/2019 The Native SDK Android component dependencies have been updated: the Nimbus library has been replaced by Jose4J. See Pingone Native SDK > Android > Set up a native app using the PingOne SDK sample code > Add the PingOne SDK component into your existing project.
10/10/2019 The iOS Native SDK API now requires Swift 5.1. See Pingone Native SDK > iOS > Set up a native app using the PingOne SDK sample code > Xcode integration for software prerequisites.
10/10/2019 Logs appeared in the Android developer console. This has been resolved so that they no longer appear. (P14CMFA-3242)
10/03/2019 The platform now includes endpoints to view authentication statistics on a per application basis. For more information, see Authentications per application.
08/30/2019 The platform now includes endpoints to manage Google external identity provider configurations. For more information, see Identity providers.
08/30/2019 The platform now supports access token customization. For more information, see Access token customization.
08/19/2019 The platform now includes a basic password policy to allow for maximum customer flexibility. For more information, see Password policies.
08/14/2019 Sign-on policy action condition attributes now require camelCase syntax for attribute names (for example, ipRange, secondsSince). For more information, see Sign-on policy actions.
07/31/2019 The platform now supports the refresh_token grant type. For more information, see Access tokens and ID tokens and Obtain an access token.
07/31/2019 The platform now supports a native SDK that allows developers to send push notifications to custom native applications for multi-factor authentication (MFA). For more information, see Pairing keys, Android PingOne Native SDK API, and iOS PingOne Native SDK API.
07/31/2019 The following template IDs (see Notifications templates) have changed:
  • offline_pairing has been renamed to device_pairing
  • offline_authentication has been renamed to strong_authentication
Calls to the GET /environments/{envId}/templates endpoint will return the new template IDs, instead of the old ones. The deprecated offline_pairing and offline_authentication template IDs are still supported for backward compatibility, but will be unsupported at a future date.
07/02/2019 The platform now includes endpoints to manage external identity provider configurations that enable social login and inbound SAML login features in PingOne. It also includes endpoints to manage a user’s links to external identity provider accounts. For more information, see Identity providers and Linked accounts.
6/25/2019 The platform now includes endpoints to get information about the licenses associated with an organization. For more information, see Licensing.
6/25/2019 The platform now includes endpoints to get information about active identity counts and total identity counts. For more information, see Active identity counts and Total identities.
06/13/2019 The file import feature is temporarily disabled. It will be enabled in a future release.
04/15/2019 The platform now supports a passwordless authentication flow. For more information, see Sign-on with a username and Configure a passwordless sign-on policy.
04/01/2019 PATCH requests that modify custom JSON user attributes are replaced completely. For more information, see Users: Partial update.
04/01/2019 Sign on policy actions now support a policy condition language that allows both logical and data rules to construct a policy condition statement. For more information, see Sign-on policy action conditions.
03/25/2019 Platform scopes, such as p1:read:env:user, p1:create:env:device, and p1:update:env:population, have been removed. In order to access platform APIs, you must create a new WORKER application type. For more information, see Access through scopes and roles.
03/25/2019 Scopes with “self” in the name have been renamed. Example: p1:reset:self:userPassword is now p1:reset:userPassword. For more information, see Access through scopes and roles.
03/01/2019 The SAML attribute mappings data model now includes a mappingType attribute to identify CORE, SCOPE and CUSTOM mapping types. For more information, see Attribute mapping.
02/18/2019 The following templates are available for use with notifications templates: verification_code_template, recovery_code_template, offline_authentication, and offline_pairing. For more information, see Notifications templates and Notifications settings.
01/28/2019 The flow service no longer uses the /step/{stepId} sub-resource, and it no longer shows multiple statuses and nested embedded resources. The status property in the flow response contains all information about the flow’s current state. For more information, see Flows.
01/22/2019 Audit reporting supports a POST operation to retrieve audit events without exposing sensitive or personal filtering information in a GET request URL. The required SCIM filtering expression is specified in the POST request body. For more information, see Get audit activities using POST.
01/21/2019 The data model for SAML application settings requires a leading dollar sign ($) when specifying the expression in the value attribute. For example, "value": "${user.username}". For more information, see Applications SAML settings data model.
01/11/2019 The GET /environments/{environmentId}/activities endpoint no longer supports the in (includes) SCIM operator. For more information, see Audit activities and events.

More information

For more information about PingOne product updates, see Announcements.