Licensing


License entitlements and enforcement

The property values of the license resource specify the licensing boundaries. The license identifies the organization that owns the license, the licensing package type, and the expiration date for the license. The following entitlements are also defined in the licensing package:

For environments:

  • Allow or deny production environments
  • Allow or deny delegated administration
  • Designate the maximum number of environments allowed by the organization
  • Designate the allowed regions

For users and applications:

  • Set the maximum number of users for the organization
  • Designate whether to allow custom schemas for users
  • Designate the allowed application protocols (OPENID_CONNECT, SAML2_IDP)

For sign-on policies:

  • Allow or deny custom authentication flows

For integrated Ping Identity product support:

  • Access to PingAccess
  • Access to PingFed
  • Access to PingDirectory
  • Access to PingIntelligence

Licenses API operations

The licenses endpoints support the following operations:

For hands-on experience with the licenses API endpoints, click the Run in Postman button below to download a Postman collection that you can import and open in your local Postman application.

Licenses data model

Property Description
applications.protocols A string that specifies the application connection protocols allowed. Options are OPENID_CONNECT and SAML2_IDP.
beginsAt The date and time this license begins.
environments.allowDelegatedAdmin A boolean that specifies whether delegated administration is allowed.
environments.allowProduction A boolean that specifies whether production environments are allowed.
environments.max An integer that specifies the maximum number of environments allowed.
environments.regions A string that specifies the allowed regions associated with environments. Options are NORTH_AMERICA and EUROPEAN_UNION.
expiresAt The date and time this license expires. TRIAL licenses stop access to PingOne services at expiration. All other licenses trigger an event to send a notification when the license expires but do not block services.
organization.id A string that specifies the organization resource’s unique identifier associated with the license.
id A string that specifies the license resource’s unique identifier.
onPremisesSupport.products A string that specifies the on-premises applications that can integrate with this organization. Options are PING_ACCESS and PING_FEDERATE.
package A string that specifies the the license template on which this license is based. This is a required property. Options are TRIAL, STANDARD, PREMIUM, and GLOBAL.
prod_envs A boolean that specifies whether production environments are allowed.
schemas.custom A boolean that specifies whether custom user schemas are allowed.
signOnPolicy.allowCustomFlows A boolean that specifies whether custom sign-on policy flows are allowed.
terminatesAt An optional attribute that designates the exact date and time when this license terminates access to PingOne services. This attribute can be added to any licensing package.
users.max An integer that specifies the maximum number of users allowed per environment.

Response codes

Code Message
200 Successful operation.
400 The request could not be completed.
401 You do not have access to this resource.
404 The requested resource was not found.

Endpoint examples

Get licenses

The following sample shows the GET /organizations/{organizationId}/licenses operation to return the complete list of license resources associated with the specified organization.

curl -X "GET" "https://api.pingone.com/v1/organizations/{organizationId}/licenses" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/organizations/ede708a2-2303-4d7a-bbf7-d72abe80fd07/licenses"
        }
    },
    "_embedded": {
        "licenses": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/organizations/ede708a2-2303-4d7a-bbf7-d72abe80fd07/licenses/52dab8f4-aa4b-4615-990c-6ba9a10ecc2a"
                    },
                    "organization": {
                        "href": "https://api.pingone.com/v1/organizations/ede708a2-2303-4d7a-bbf7-d72abe80fd07"
                    }
                },
                "applications": {
                    "protocols": [
                        "OPENID_CONNECT",
                        "SAML2_IDP"
                    ]
                },
                "beginsAt": "2019-05-21T17:47:23.574Z",
                "environments": {
                    "allowDelegatedAdmin": true,
                    "allowProduction": false,
                    "max": 5,
                    "regions": [
                        "NORTH_AMERICA"
                    ]
                },
                "expiresAt": "2019-08-19T17:47:23.574Z",
                "id": "52dab8f4-aa4b-4615-990c-6ba9a10ecc2a",
                "onPremisesSupport": {
                    "products": [
                        "PING_ACCESS",
                        "PING_FEDERATE"
                    ]
                },
                "organization": {
                    "id": "ede708a2-2303-4d7a-bbf7-d72abe80fd07"
                },
                "package": "TRIAL",
                "schemas": {
                    "allowCustom": true
                },
                "signOnPolicy": {
                    "allowCustomFlows": true
                },
                "users": {
                    "max": 10000000
                }
            }
        ]
    },
    "count": 1,
    "size": 1
}

Note: An organization can have several licenses, such as a TRIAL license and a STANDARD license. However, an organization can have only one active license. For organizations with more than one license, you can use a filter with the GET /organizations/{organizationId}/licenses operation to return the list of licenses in descending order, showing the active license first.

curl -X "GET" "https://api.pingone.com/v1/organizations/{organizationId}/licenses?filter=beginsAt lt "{now}"&order=-beginsAt" \
-H 'Authorization: Bearer jwtToken'

Get one license

You can use GET /organizations/{organizationId}/licenses/{licenseId} to view a license associated with the specified organization. The following sample shows the operation to get information about a single license. The license ID is specified in the request URL.

curl -X "GET" "https://api.pingone.com/v1/organizations/{organizationId}/licenses/{licenseId}" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/organizations/ede708a2-2303-4d7a-bbf7-d72abe80fd07/licenses/52dab8f4-aa4b-4615-990c-6ba9a10ecc2a"
        },
        "organization": {
            "href": "https://api.pingone.com/v1/organizations/ede708a2-2303-4d7a-bbf7-d72abe80fd07"
        }
    },
    "applications": {
        "protocols": [
            "SAML2_IDP",
            "OPENID_CONNECT"
        ]
    },
    "beginsAt": "2019-05-21T17:47:23.574Z",
    "environments": {
        "allowDelegatedAdmin": true,
        "allowProduction": false,
        "max": 5,
        "regions": [
            "NORTH_AMERICA"
        ]
    },
    "expiresAt": "2019-08-19T17:47:23.574Z",
    "id": "52dab8f4-aa4b-4615-990c-6ba9a10ecc2a",
    "onPremisesSupport": {
        "products": [
            "PING_ACCESS",
            "PING_FEDERATE"
        ]
    },
    "organization": {
        "id": "ede708a2-2303-4d7a-bbf7-d72abe80fd07"
    },
    "package": "TRIAL",
    "schemas": {
        "allowCustom": true
    },
    "signOnPolicy": {
        "allowCustomFlows": true
    },
    "users": {
        "max": 10000000
    }
}