This activity shows you how to define a native application, create an MFA sign-on policy that enables MFA using an authenticator application, and assign the sign-on policy to the application.

This scenario illustrates the following common operations supported by the PingOne APIs:

• Create an application
• Assign a resource grant to the application
• Create a sign-on policy
• Create a sign-on policy MFA action
• Assign a sign-on policy to an application

Workflow order of operations

To create the application and specify its sign-on policy:

1. Make a POST request to the /environments/{{envID}}/applications endpoint to define a native application.

2. Make a GET request to /environments/{{envID}}/resources to get the list of available resource server IDs.

3. Make a get request to /environments/{{envID}}/resources/{{resourceID}}/scopes to get the OIDC scopes for the resource grant.

4. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to assign a resource grant to the application.

5. Make a POST request to the /environments/{{envID}}/signOnPolicies endpoint to create a new sign-on policy.

6. Make a POST request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}} to create an MFA sign-on policy action for the new sign-on policy.

7. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to assign the MFA sign-on policy with the new application.