PingOne supports a sign-on flow that uses only a username and a multi-factor authentication (MFA) sign-on action to authenticate the user. This activity shows you how to create a sign-on policy that does not require a password at sign on.

Note: To create a new sign-on policy and its associated sign-on policy action, you must have the Environment Admin role.

This scenario illustrates the following common operations supported by the PingOne APIs:

Create an application connection
Create a sign-on policy
Create a sign-on policy action
Assign the sign-on policy to an application

Workflow order of operations

To create a sign-on policy that does not prompt for a password at login, the following tasks must be completed successfully:

Make a POST request to /environments/{{envID}}/applications to create a new application connection.
Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.
Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions to create a new MFA sign-on policy action, which is associated with the new (no password) sign-on policy.
Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate this sign-on policy with the specified application.
Make a GET request to the authorization server to retrieve the URL for the sign-on screen, which is returned in the response’s HTTP Location header.

Click the Run in Postman button below to download the Postman collection for this use case.