This activity shows you how to define a native application, create an MFA sign-on policy that enables MFA using an authenticator application, and assign the sign-on policy to the application.
This scenario illustrates the following common operations supported by the PingOne APIs:
Workflow order of operations
To create the application and specify its sign-on policy:
Make a POST
request to the /environments/{{envID}}/applications
endpoint to define a native application.
Make a GET
request to /environments/{{envID}}/resources
to get the list of available resource server IDs.
Make a get request to /environments/{{envID}}/resources/{{resourceID}}/scopes
to get the OIDC scopes for the resource grant.
Make a POST
request to /environments/{{envID}}/applications/{{appID}}/grants
to assign a resource grant to the application.
Make a POST
request to the /environments/{{envID}}/signOnPolicies
endpoint to create a new sign-on policy.
Make a POST
request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}}
to create an MFA sign-on policy action for the new sign-on policy.
Make a POST
request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments
to assign the MFA sign-on policy with the new application.