Sign-on policies determine the account authentication flow users must complete to access applications secured by PingOne services. PingOne provides the following pre-defined sign-on policy configurations:

Sign-on policies are defined by their associated actions. For example, the Single-Factor sign-on policy resource uses a defined LOGIN action that prompts users for a username and password. The Multi-Factor sign-on policy resource uses a defined MULTI_FACTOR_AUTHENTICATION action that prompts users to complete a second authentication action, such as entering a one-time password received on a registered device or accepting a push confirmation on a registered mobile device.

The Multi-Factor sign-on policy can also be used to configure a PASSWORDLESS authentication method. The authentication flow first identifies the user by the username property and determines the applicable second factor to complete authentication.

The actions associated with a sign-on policy resource can be modified using a PUT request. The examples that follow show common operations to create and manage sign-on policies resources. You need the Environment Admin role to perform operations on sign-on policy resources.

Sign-on policies data model

Property Description
createdAt The time the resource was created.
default A boolean that specifies whether this sign-on policy is the environment’s default that is used by applications that do not have application-specific sign-on policy assignments. This property can only be set to true, in which case the isDefault property of all other sign-on policies are set to false.
description A string that specifies the description of the sign-on policy.
enabled A boolean that specifies whether the sign-on policy is enabled and can be assigned to applications. This property must be set to false when creating a new sign-on policy, and it can be set to true only for policies with one or more actions. The environment’s default policy cannot be disabled, and disabling a sign-on policy deletes any corresponding assignments. A string that specifies the environment resource’s unique identifier associated with the sign-on policy.
id A string that specifies the sign-on policy resource’s unique identifier.
name A string that specifies the resource name. The name must be unique within the environment, and can consist of either a string of alphanumeric letters, underscore, hyphen, period: ^[a-zA-Z0-9_. -]+$ or an absolute URI if the string contains a “:” character.
updatedAt The time the resource was last updated.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.