This step associates a sign-on policy action with the new sign-on policy you created in Step 3. The POST /environments/{environmentId}/signOnPolicies/{policyId}/actions operation creates the sign-on policy action resource, which is associated with the sign-on policy ({policyId}) specified in the request URL.
PingOne supports several sign-on policy action types:
LOGIN
Basic authentication that prompts for a username and password.
MULTI_FACTOR_AUTHENTICATION
An authentication method that prompts users to enter a one-time password received on a registered device or accept a push confirmation on a registered mobile device.
IDENTIFIER_FIRST
An action used to identify the user by username and determine the applicable authentication methods for this user.
PROGRESSIVE_PROFILING
An action to prompt users to provide additional data at sign on. This action type does not authenticate users. It is used only to obtain additional profile data.
To establish a SAML username/password login flow, the type property for the action resource associated with the sign-on policy is set to LOGIN.
For a sign-on action that supports SAML, the sign-on policy action must include the socialProviders.id property to specify the SAML identity provider ID {providerId} that you created in Step 2.
In addition, it is recommended that a sign-on policy that supports a SAML external identity provider also include the registration property to allow automatic account creation and account linking between the user’s identity provider account and the PingOne account. For details about the registration sign-on action and how it relates to account linking, see External identity provider login flow states.
In this sample, the priority property is set to 1, which designates this policy as the first sign-on policy executed, if there is more than one sign-on policy associated with the application. In addition, this action includes the recovery property to enable the password.recover authentication flow, allowing users to recover a forgotten password.
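The following is an added example, not part of the original PingOne sample: it builds the request for the LOGIN action described above and checks the body before it is sent. The API host, the nested field shapes (recovery.enabled, registration.enabled, registration.population.id, socialProviders as a list of objects), the positive-integer priority rule, and the helper names build_saml_login_action and check_action are assumptions; the IDs are constructed placeholders.

```python
import json

API_BASE = "https://api.pingone.com/v1"  # assumed API host; varies by region
ACTION_TYPES = {"LOGIN", "MULTI_FACTOR_AUTHENTICATION",
                "IDENTIFIER_FIRST", "PROGRESSIVE_PROFILING"}


def build_saml_login_action(env_id, policy_id, provider_id,
                            population_id=None, priority=1, recovery=True):
    """Return (url, body) for the POST that creates the LOGIN action."""
    body = {
        "type": "LOGIN",
        "priority": priority,
        "recovery": {"enabled": recovery},          # assumed field shape
        "socialProviders": [{"id": provider_id}],   # SAML IdP from Step 2
    }
    if population_id is not None:
        # Assumed shape: new accounts are created in this population.
        body["registration"] = {"enabled": True,
                                "population": {"id": population_id}}
    url = f"{API_BASE}/environments/{env_id}/signOnPolicies/{policy_id}/actions"
    return url, body


def check_action(body):
    """Return a list of problems; entries starting 'warn:' are advisory."""
    problems = []
    if body.get("type") not in ACTION_TYPES:
        problems.append(f"unknown action type: {body.get('type')!r}")
    elif body["type"] != "LOGIN":
        problems.append("SAML username/password flow requires type LOGIN")
    prio = body.get("priority")
    if not isinstance(prio, int) or isinstance(prio, bool) or prio < 1:
        problems.append("priority must be a positive integer")
    providers = body.get("socialProviders") or []
    if not any(isinstance(p, dict) and p.get("id") for p in providers):
        problems.append("socialProviders.id (SAML identity provider ID) is missing")
    if not (body.get("registration") or {}).get("enabled"):
        problems.append("warn: registration not enabled; no automatic "
                        "account creation or linking")
    return problems


if __name__ == "__main__":
    # Constructed placeholder IDs, not real resources.
    url, body = build_saml_login_action("ENV_ID", "POLICY_ID", "PROVIDER_ID",
                                        population_id="POPULATION_ID")
    print("POST", url)
    print(json.dumps(body, indent=2))
    print(check_action(body) or "no problems found")
```

Because registration enables automatic account creation for anyone the external identity provider asserts, review which population new accounts land in before enabling it.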