The external authentication API provides endpoints for performing end-user authentication with PingOne-supported external identity providers. End users are redirected immediately to the authentication initialization endpoint at the external authentication service. After users authenticate at the provider, they are redirected back to the external authentication service’s authentication callback endpoint, where the external authentication API validates the token or assertion returned from the external identity provider.

External authentication data model

Property Description
attributes An object that specifies the mapped user attributes and their values from the external identity provider.
{attributename} An object that specifies the name of the mapped user attribute from the external identity provider.
{attributename}.value A string that specifies the value for the mapped user attribute from the external identity provider.
{attributename}.update An enumeration that specifies the update behavior for this attribute based on identity provider configuration. Options are EMPTY_ONLY and ALWAYS.
externalId A string that specifies the identifier returned by the identity provider for the external user.
flow A reference to the PingOne flow associated with this external authentication. This property is required.
flow.id A string that specifies the flow ID associated with this external authentication. This property is required.
identityProvider A reference to the external identity provider that is used to authenticate the user. This property is required.
identityProvider.id A string that specifies the ID of the external identity provider to which the user is redirected for sign-on. This property is required.
status A string that specifies the status of the external authentication. Options are:
  • PROVIDER_RESPONSE_REQUIRED: Awaiting callback from provider with authentication results.
  • COMPLETED: External authentication request completed successfully.
  • FAILED: The identity provider returned an error.
error An object that, when the status is FAILED, returns an error detail from the identity provider to the PingOne flow associated with this external authentication.
error.code A string that specifies the PingOne code for the error.
error.message A string that specifies the description of the error.
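
The following added example (not PingOne code) shows how a consumer of a resource shaped like this data model might check the required references and status, then merge the mapped attributes into a local user record only when the status is COMPLETED. It assumes that EMPTY_ONLY writes only when the user's current value is empty and that ALWAYS overwrites; the function names, the sample resource and its IDs are constructed for illustration.

```python
STATUSES = {"PROVIDER_RESPONSE_REQUIRED", "COMPLETED", "FAILED"}
UPDATE_MODES = {"EMPTY_ONLY", "ALWAYS"}

def validate(resource):
    """Return a list of problems found in the resource (empty if none)."""
    problems = []
    for ref in ("flow", "identityProvider"):  # both are marked required
        value = resource.get(ref)
        if not isinstance(value, dict) or not value.get("id"):
            problems.append(f"{ref}.id is required")
    if resource.get("status") not in STATUSES:
        problems.append(f"unknown status: {resource.get('status')!r}")
    for name, attr in (resource.get("attributes") or {}).items():
        if not isinstance(attr, dict) or attr.get("update") not in UPDATE_MODES:
            problems.append(f"attribute {name}: bad update mode")
    return problems

def apply_attributes(user, resource):
    """Merge mapped attributes into a copy of `user`, honoring `update`.

    Assumption: EMPTY_ONLY writes only when the current value is empty,
    ALWAYS overwrites. Empty provider values never replace stored data.
    """
    problems = validate(resource)
    if problems:
        raise ValueError("; ".join(problems))
    merged = dict(user)
    if resource["status"] != "COMPLETED":
        return merged  # pending or failed: do not apply provider data
    for name, attr in (resource.get("attributes") or {}).items():
        value = attr.get("value")
        overwrite = attr["update"] == "ALWAYS" or not merged.get(name)
        if value not in (None, "") and overwrite:
            merged[name] = value
    return merged

# Constructed sample resource (IDs and values are placeholders).
SAMPLE = {
    "flow": {"id": "flow-id-placeholder"},
    "identityProvider": {"id": "idp-id-placeholder"},
    "status": "COMPLETED",
    "attributes": {
        "email": {"value": "new@example.com", "update": "EMPTY_ONLY"},
        "name": {"value": "Pat Doe", "update": "ALWAYS"},
    },
}
```

Mapping an identifying attribute such as email with ALWAYS lets the external provider replace the stored value on every sign-on, so review which attributes use that mode.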

Response codes

Code Message
302 Found.
400 The request could not be completed.
401 You weren’t authenticated to perform this operation.
403 You do not have permissions or are not licensed to make this request.