The following changes have been made to the PingOne APIs or the associated SDKs.
| Release Date | Description |
|---|---|
| Apr 8, 2024 | Simplify changing your PingOne regional domain with an environment variable, tld, in the public PingOne environment template that represents the top level domain (TLD) for your PingOne domain, such as com or eu. All the {{...Path}} variables, such as {{apiPath}} and {{authPath}}, reference {{tld}}. To change your region’s top level domain, merely change the value of {{tld}}. See PingOne API domains for more information. |
| Apr 3, 2024 | You can submit a redirect URL and redirect message, used and seen by users when submitting verification documents, in the body of Create Verify Transaction. |
| Apr 3, 2024 | You can issue and update user credentials via a Create a User Credential or Update a User Credential call rather than an Issuance Rule. |
| Apr 3, 2024 | When you create a trusted email domain, PingOne now prepares an additional text record that reflects the association of the domain with the specific PingOne environment. If you add this new record to your DNS, any “sender” email address belonging to the domain is set to active status as soon as you create it, with no need for a verification email. For details, see Trusted Email Domains. |
| Apr 2, 2024 | FIDO policies now include an option called aggregateDevices that you can use to specify that the displayed list of available authentication methods should include only a single generic entry for FIDO2 devices, even if the user has multiple paired FIDO2 devices. For details, see FIDO Policies. With the introduction of this feature, responses to requests that use the deviceAuthentications and flows endpoints may now include a field called aggregateFido2Devices, indicating whether the available authentication method list should include only a single generic FIDO2 option. |
| Mar 12, 2024 | We’ve added the new LDAP Gateway attribute userTypes.updateUserOnSuccessfulAuthentication. When enabled, on user sign on, user attributes are updated based on responses from the LDAP server. For details, see Gateway LDAP data model. |
| Mar 4, 2024 | The external IdP service now supports PKCE. A new pkceMethod property has been added to the base IdP data model. For details, see Identity Provider Management. |
| Mar 4, 2024 | PingOne Protect now has a new risk predictor called Email Reputation to detect the use of disposable email addresses during registration. The value of the type parameter for this predictor is EMAIL_REPUTATION. For details, see Risk Predictors. For risk evaluations based on policies that include an email reputation predictor, the response may include a value of TEMP_EMAIL_MITIGATION for the result.recommendedAction field. For details, see Risk evaluations. |
| Mar 4, 2024 | For risk evaluations that use a risk policy with the New Device predictor, the response now includes the field details.device.lastSeen, which represents the date and time that the device was last seen. If an externally-maintained device ID was provided in the risk evaluation request, the response will include externalLastSeen for the date and time that the device was last seen. For details, see Risk evaluations. |
| Feb 28, 2024 | For situations where a user did not receive the one-time passcode (OTP) that was sent for pairing a device, you can now use the devices endpoint to resend the OTP. For details, see Resend Pairing Code. |
| Feb 21, 2024 | The platform now supports the device_code device authorization grant type on an application configuration, and it also provides endpoints to initiate and manage a device authorization flow. For details, see Device Authorization Grant. |
| Feb 20, 2024 | A new field, fidoUserVerification, was added to the information that can be included in MFA device reports generated with the dataExplorations endpoint. For details, see Reporting. |
| Feb 14, 2024 | PingOne now supports the CLIENT_SECRET_JWT and PRIVATE_KEY_JWT token endpoint authentication methods for OIDC applications. For details, see the jwks and jwksUrl properties in Application Operations, the client_assertion and client_assertion_type properties in OpenID Connect/OAuth 2, Token (authorization_code) (CLIENT_SECRET_JWT), Token (authorization_code) (PRIVATE_KEY_JWT), and Configure CLIENT_SECRET_JWT as the Token Auth Method. |
| Feb 12, 2024 | PingOne Protect now has a new risk predictor to prevent Adversary-in-the-Middle (AitM) attacks. To create an AitM predictor, set the type parameter to the new value ADVERSARY_IN_THE_MIDDLE and use the whiteList parameter to specify the legitimate domains that your users will access for your restricted resources. For details, see Risk Predictors. |
| Feb 5, 2024 | PingOne Verify no longer reads or uses verifyStatus on the user. The PingOne Neo Verify Verify Status endpoint, /environments/{{envID}}/users/{{userID}}/verifyStatus and its two operations, Read User Verification Status and Update User Verification Status at the same URL, are deprecated. The endpoint and requests will be removed February 2025. |
| Jan 19, 2024 | We’ve added the icon property to the Environments service, enabling you to assign an icon to a PingOne environment. See the Environments data model for details. |
| Jan 16, 2024 | The platform’s client secret configuration now supports optional parameters to designate the replaced secret as a “previous” secret that remains valid for a specified period, up to 30 days. For details, see Update Application Secret and Create Resource Client Secret. |
| Jan 11, 2024 | The platform supports the PingOne Authorize application resources and roles services, which provide endpoints to define custom resources, roles, and permissions to protect external application resources. For details, see PingOne Authorize Application Resources and Roles. |
| Jan 8, 2024 | The platform supports reduced self-service scopes when the mfa authentication method is not included as an amr claim value in the token. For details, see PingOne self-management scopes. |
| Jan 7, 2024 | Changes have been made to the steps required to retrieve MFA device reports generated as files. This is reflected in the responses to the relevant requests. For details, see Reporting. Note that the .zip file containing the report is now password-protected and cannot be opened without the password that is returned. |
| Jan 4, 2024 | A field called device.externalId has been added to the Event data model for risk evaluations. You can use this field to send an externally-maintained device ID to the risk evaluation. If you provide such an ID, that is the device ID that will be used rather than the device ID provided by the Signals SDK. For details, see Risk evaluations. |
| Jan 3, 2024 | We’ve added a corsSettings object to support applications using cross-origin resource sharing (CORS). See Cross-origin resource sharing, and the corsSettings properties in the Applications data models for OIDC, SAML, and WS-Federation. |
| Dec 15, 2023 | You can now set and get the default identity provider (IdP) for a population. See Update Population Default IdP and Read One Population Default IdP for details. |
| Dec 8, 2023 | PingOne Platform API collections in the PingOne public workspace now use Postman Collection-Level Authorization of type bearer. All requests that use bearer token authorization are now set to Inherit authorization from parent. |
| Dec 4, 2023 | The PingOne Neo Verify User Data endpoint, /environments/{{envID}}/users/{{userID}}/verifyTransactions/{{transactionID}}/userData and its only operation, Read User Verification Data at the same URL, are deprecated. The endpoint and request will be removed December 2024. |
| Dec 4, 2023 | The New Device Paired notification template now has an optional variable called report.fraud. If you include this variable, the notification will include a link for reporting fraudulent pairing attempts. For details, see Notifications Templates. |
| Nov 16, 2023 | We’ve added documentation for the supported password encoding schemes. See Password encoding for more information. |
| Oct 24, 2023 | You can now assign admin roles to user groups. See Group Role Assignments. |
| Oct 12, 2023 | PingOne now supports outbound mutual TLS (mTLS) authentication with webhooks. You can upload a key with a usageType of OUTBOUND_MTLS and pass the ID to the tlsClientAuthKeyPair.id property when creating or updating a webhook. For more information, see Subscriptions (webhooks). |
| Oct 4, 2023 | Added the displayName, sourceId, and sourceType parameters to allow querying of external user groups. See Groups. |
| Sep 19, 2023 | When creating composite predictors, it is now possible to create additional sets of conditions to form an if / else if structure. To facilitate this, the composition object has been replaced with an array called compositions. To ensure backward compatibility, requests that contain the single composition object are still supported. For details, see Risk Predictors. |
| Sep 18, 2023 | When providing the flow type as input for a risk evaluation, you can now use other types in addition to AUTHENTICATION. The new flow types supported are: REGISTRATION, ACCESS, AUTHORIZATION, and TRANSACTION. See Risk Evaluations. |
| Sep 18, 2023 | In the MFA Settings for an environment, you can now specify whether MFA should be enabled by default for a user when their account is created. For details, see users.mfaEnabled in MFA settings. |
| Sep 14, 2023 | If you create a pairing key that is shared by multiple applications, but define different pairing key lifetimes for the different applications, all the applications using the pairing key now use the most strict setting that you specified for key lifetime (shortest time). |
| Sep 7, 2023 | We’ve added a Correlation-Id setting in the header of Phone Delivery Settings requests to the custom provider enabling you to track notifications sent by the custom provider using the Correlation-Id value. See Phone Delivery Settings. |
| Sep 5, 2023 | We’ve added information regarding how to handle client secret updates for external identity providers. See Update Identity Provider. |
| Sep 5, 2023 | You can now specify Elliptical Curve Digital Signature Algorithm (ECDSA) signing certificate algorithms for your SAML identity providers and applications. See Create Identity Provider (SAML) and SAML Application Settings Data Model. |
| Aug 10, 2023 | You can now use the RequestedAuthnContext parameter to specify lower-priority application flow policies for SAML applications. See Application Flow Policy Assignments. |
| Jul 31, 2023 | Added a new endpoint to PingOne Authorize to manage API service deployment. See API Service Deployment. |
| Jul 26, 2023 | We’ve added the new roles DaVinci Admin and DaVinci Read-Only Admin. Currently, you cannot assign these roles to a Worker app. For details, see Roles. |
| Jul 5, 2023 | A new field called newDeviceNotification has been added for MFA policies to allow you to specify that users should receive an SMS or email notification when a new device is added to their account. For details, see Device Authentication Policies. |
| Jul 5, 2023 | New fields were added to the information that can be included in MFA device reports generated with the dataExplorations endpoint: deviceIntegrityStateCompromised, deviceIntegrityStateReason, deviceIntegrityStateTimestamp, deviceIntegrityStateAdvice, extension, fidoBackupEligibility, fidoBackupState, lastDeviceTrxTime. For details, see Reporting. |
| Jun 30, 2023 | Two new risk predictors - Bot Detection and Suspicious Device - have been added. For details, see Risk Predictors and Risk Evaluations. |
| Jun 30, 2023 | For including data from the Signals SDK in risk evaluations, the data in now sent using the sdk.signals.data property rather than sending the data in the header of the request. For details, see Risk Evaluations. |
| Jun 20, 2023 | In MFA policies, you can now disable pairing for specific authentication methods. You can use this option if you want to phase out an existing authentication method but want to allow users to continue using the method for authentication for existing devices. See pairingDisabled in Device Authentication Policies. |
| Jun 19, 2023 | To provide support for passkeys, Fido policies have been expanded significantly. For details, see FIDO Policies. Note that FIDO policy requests now use the endpoint environments/{{envID}}/fido2Policies and not environments/{{envID}}/fidoPolicies. In the framework of these changes, support was added for a new MFA device type called FIDO2. For details, see MFA Devices. |
| Jun 15, 2023 | Requests that use the flows endpoint and the deviceAuthentications endpoint now include additional device status information in the response: usableStatus, pushStatus, and otpStatus. For details, see Flows and MFA Device Authentications. |
| Jun 12, 2023 | PingOne MFA has moved to Firebase Cloud Messaging for sending push messages. This impacts the credentials you must enter when enabling push notifications for Google Play-based mobile applications. For details, see Application MFA Push Credentials. |
| Jun 1, 2023 | We’ve fixed an issue with the Try a Request feature in the documentation. We’ve re-enabled this feature for all endpoints except the authorization endpoints (identified by the {{authPath}} variable). The Try a Request feature has always been blocked for these endpoints, due to a CORS constraint. |
| May 18, 2023 | You can now choose to include the IP address of an actor and the user-agent HTTP header of an event in the source section of a subsciption audit event. See Create Subscriptions. |
| May 8, 2023 | It is now possible to have one-time passwords delivered via voice to phone numbers that include extensions. For details on enabling support for phone numbers with extensions, see MFA Settings. |
| Apr 28, 2023 | PingOne now supports a Language Translations service, which provides operations to view the custom string translations for a specified language and to update localized strings for specified user interface elements. For details, see Language Translations. |
| Apr 25, 2023 | DaVinci no longer ignores the pi.flow OAuth property. For details about pi.flow, see the OpenID Connect/OAuth2 data model. |
| Apr 23, 2023 | When creating notification policies, you can now use the quotas array to limit the use of email messages for pairing and authentication. For details, see Notification Policies. |
| Apr 19, 2023 | For integrity checking on Android devices, PingOne MFA now uses Google’s Play Integrity API. This requires you to provide additional information from your Google service account if you want to create or update an application that uses integrity checking. For the details of the new mandatory fields, see the Applications OIDC settings data model table in Application Operations and the Create Application (OIDC Protocol - Native App) sample. |
| Apr 14, 2023 | PingOne now supports the Forms service, which provides tools for administrators to create custom forms presented to users during the authentication workflow. For details, see Forms and Forms Recaptcha. |
| Apr 3, 2023 | When creating notification policies, you can now use the countryLimit object to limit the countries where you can use SMS and voice notifications. For details, see Notification Policies. |
| Mar 27, 2023 | PingOne now supports the SCIM 2.0 identity management standard for provisioning users into PingOne Directory. Currently we support the /Users endpoint with basic SCIM to PingOne Directory attribute mapping. For details, see SCIM. |
| Mar 27, 2023 | When creating or updating New Device risk predictors, you can now use the activationAt parameter to specify a date on which the learning process for the predictor should be restarted. This can be used in conjunction with the fallback setting (default.result.level) to force strong authentication when moving the predictor to production. For details, see Risk Predictors. |
| Mar 26, 2023 | In addition to combining existing predictors, you can now include the following risk factors in your composite predictors: country, state, IP range, IP domain organization, ISP, target resource (application). For details, see Risk Predictors. |
| Mar 16, 2023 | We’ve added new Sessions endpoints to Reset the Authentication Session by Session ID or Reset the Authentication Session by Session Token. |
| Mar 13, 2023 | When defining the settings for mobile applications in an MFA policy, you can now use the new pairingKeyLifetime object to specify how long an issued pairing key can be used until it expires. For details, see Device Authentication Policies. |
| Mar 13, 2023 | You can now define the number of consecutive push notifications that can be ignored or rejected by a user within a defined period before push notifications are blocked for an application. Use this setting to prevent attacks based on repeated push notifications that may lead users to eventually accept the authentication request. For details, see the documentation for the pushLimit object in Device Authentication Policies. |
| Feb 01, 2023 | The platform now supports properties for enumerated values and regular expression validation in the schema data model. For details, see Schemas. |
| Jan 10, 2023 | You can now configure Android applications to use Huawei Mobile Services. For details, see Application Operations and Application MFA Push Credentials. |
| Jan 10, 2023 | You can now use the dataExplorations endpoint to generate reports of MFA devices. For details, see Reporting. |
| Jan 10, 2023 | For notification templates of type “Push”, it is now possible to specify a push category to control the type of banner that is displayed to the user. For details, see Notification Templates. |
| Jan 3, 2023 | You can now use the riskPredictors endpoint to create New Device predictors, which allow your risk policy to take into account the risk associated with users trying to access applications from unknown devices or devices that have not been used in the recent past. For details, see Risk Predictors. |
| Jan 3, 2023 | In MFA policies, it is now possible to specify how much time users have to respond to a push notification before it expires. This period can be defined separately for each mobile application included in the MFA policy. For details, see Device Authentication Policies. |
| Jan 3, 2023 | The default method to use for MFA is now set at the MFA policy level rather than at the environment level. For details, see Device Authentication Policies. |
| Jan 3, 2023 | It is now possible to block a user’s MFA device, and to unblock a device that is currently blocked. For details, see MFA Devices. |
| Dec 15, 2022 | It is now possible to use the API to unlock a device that was locked-out due to too many failed MFA attempts, even if the defined waiting period has not yet elapsed. For details, see MFA Devices. |
| Dec 15, 2022 | It is now possible to use the gateways endpoint to create a RADIUS gateway. For details, see Gateway Management. |
| Dec 8, 2022 | We’ve added properties to support applications using WS-Federation. See the Applications base data model and the Applications WS-Federation settings data model for more information. |
| Dec 2, 2022 | We’ve added an email verification endpoint to verify a user’s email through a verification code. See User Email Verification. |
| Nov 22, 2022 | You can now use the hiddenFromAppPortal property to hide an application in the application portal, overriding your configured group membership access policy. See Applications base data model. |
| Oct 26, 2022 | You can now use the nameFormat property to define the naming format for attributes other than Subject. See Applications attribute mapping data model. |
| Oct 26, 2022 | We’ve added the initiateLoginUri and targetLinkUri properties to the Applications OIDC data model. |
| Oct 25, 2022 | The Token Introspection Endpoint now supports authentication with a Resource ID and Secret. See POST Token Introspection (Resource ID and Secret) and Resource Secret. |
| Oct 21, 2022 | You can now allow a wildcard character in the Redirect URI for OIDC applications. See Applications OIDC settings data model. |
| Oct 19, 2022 | PingOne Risk now includes an SDK that allows you to obtain additional risk-related data and pass the data to the risk evaluation, resulting in improved detection. The riskEvaluations endpoint can now take the data provided by the SDK in a header called X-SDK-DATA-PAYLOAD. For details, see the documentation for creating risk evaluations. |
| Sep 28, 2022 | To simplify automated testing of your applications, you can now create dedicated testing devices. When you use the API to send authentication requests to such a device, the OTP is not sent to the actual device, but instead is returned as part of the body of the response. See MFA Devices. |
| Sep 15, 2022 | We’ve added support for the WS-Federation protocol to the Application Management service. This supports Microsoft’s Office365 and Azure integration with PingOne. See Create Application (WS-Federation Protocol) for more information. |
| Aug 31, 2022 | When using the mfaSettings endpoint to update MFA settings, you can now use pairing.pairingKeyFormat to specify the type of pairing keys that should be used - 12-digit numeric keys or 16-character alphanumeric keys. Existing environments will continue to use the 12-digit numeric keys unless changed. New environments will use the 16-character keys by default. |
| Aug 31, 2022 | It is now possible to create composite predictors - for situations where you are interested in combining a number of risk predictors into a single predictor. See Risk Predictors. |
| Aug 26, 2022 | The platform now supports adding custom claims to an OpenID Connect scope. See Resource Scopes. |
| Aug 18, 2022 | We’ve added a default property to the Populations endpoint, enabling you to assign a default population to an environment. See Populations. |
| Aug 14, 2022 | When creating or editing an MFA policy, you can now use the field mobile.applications[].integrityDetection to specify how registration and authentication attempts should be handled if a response is not received for device integrity: continue with the flow or block the user. For details, see Device Authentication Policies. |
| Aug 14, 2022 | When defining a mobile application, you can now use mobile.integrityDetection.excludedPlatforms in conjuction with mobile.integrityDetection.mode to enable device integrity checking only for Android or only for iOS. For details, see Application Operations. |
| Aug 2, 2022 | You can now use Kerberos to sign-on users. See Gateway LDAP data model in Gateway Management and the Sign On with Kerberos request. |
| Aug 2, 2022 | You can now force a reset of the password identified by the user ID and environment ID without the administrator supplying a password. See Force Change Password request. |
| Aug 2, 2022 | It is now possible to use the API to create and manage FIDO policies, which can then be included in device authentication policies. For details, see FIDO Policies and Device Authentication Policies. |
| Aug 1, 2022 | It is now possible to use the riskPolicySets endpoint with conditions of type AGGREGATED_SCORES to create score-based policies. See Risk Policies. |
| Jul 18, 2022 | For sign-on policies in PingOne, MFA steps are added now by referencing an existing MFA policy rather than having to define the specific authentication methods that are allowed for the policy. For details, see Sign-On Policy Actions. |
| Jul 14, 2022 | The platform now includes PingFederate admin roles, allowing admins to SSO from PingOne into PingFederate with the appropriate permissions for their role. See Roles. |
| Jul 10, 2022 | For organizations that prefer to maintain their own user device information, it is now possible to initiate authentication while providing the information necessary for contacting the user. See the documentation for the selectedDevice object in MFA Device Authentications. |
| Jul 7, 2022 | It is now possible to create passwordless authentication flows that require only FIDO2 authentication with no need for the user to provide their username. To use this feature, use the rp.id property in the request body for deviceAuthentications. For details, see MFA Device Authentications. |
| Jun 6, 2022 | You can now define notification policies to limit the use of SMS and voice messages for pairing and authentication. For details, see Notification Policies. |
| Apr 28, 2022 | The platform now includes the PingOne Authorize API access management service, which provides tools to externalize the management and evaluation of access control policies for HTTP-based APIs. See PingOneAuthorize API Access Management. |
| Apr 25, 2022 | MFA Native SDK v1.7.0 now supports authentication code flows for Android and iOS operating systems. See Authentication code flow. SDK v1.7.0 also supports elliptic-curve cryptography (ECC) for signing and verifying mobile requests. This feature uses iOS secure enclave capabilities. |
| Apr 25, 2022 | The platform now includes endpoints that initiate an authentication code flow. See MFA Authentication Code. The platform includes a new uriPrefix property on the application’s mobile object that specifies a valid app/universal link or app schema to enable direct triggering of the mobile application when scanning a QR code. See Application Operations. |
| Mar 11, 2022 | The platform now requires a minimum password length of 8 - 32 characters. For more information, see Password Policies. |
| Mar 07, 2022 | The platform now supports a hybrid flow authorization request, in which some tokens are returned from the authorization endpoint, and others are returned from the token endpoint. For more information, see GET Authorize (hybrid) and POST Authorize (hybrid). |
| Feb 09, 2022 | The platform now supports a policy.id property for MFA devices that specifies the device authentication policy ID associated with the device resource. For more information, see MFA Devices and MFA Pairing Keys. |
| Feb 04, 2022 | The platform now supports a PingFederate-SSO platform application, which is created automatically if the PingOne environment includes PingFederate. For more information, see Application Management. |
| Jan 13, 2022 | Custom risk predictors cannot be referenced as an attribute in a placeholder details list (${details.<attribute>}). See Custom risk predictor conditions in Risk Predictors for more information. |
| Dec 27, 2021 | The platform now supports configuring the whiteList property on a per risk predictor basis. For information about risk predictors that support the whiteList property, see Risk Predictors. |
| Dec 27, 2021 | The platform now supports the User Location Anomaly risk predictor. See Risk Predictors. |
| Dec 23, 2021 | For authorization requests that return an invalid request object error, the error message now includes additional details about the INVALID_VALUE. For example, the old detail message stated this: "The request parameter contains an invalid Request Object". The new detail message provides specific information about the validation error: "The request parameter contains an invalid Request Object: The token signature is invalid.". |
| Dec 17, 2021 | The Integration Catalog has been updated to easily retrieve application integration information and assets. |
| Dec 17, 2021 | The image service API now returns a regionalized URL for any new images uploaded. For example, if you are in the EU and use pingone.eu, then uploaded images will now be in this format “https://uploads.pingone.eu/environments/…” instead of “https://uploads.pingone.com/environments/…” . This regionalization is also applicable to uploaded images in the .asia and .ca regions. Old image URLs will still work as expected. For more information, see Images. |
| Dec 16, 2021 | The platform now supports configuration of policies for MFA enrollment and authentication transactions in PingOne Flows. The apiPath/environments/envID/deviceAuthenticationPolicy endpoint is deprecated, but still supported. No immediate code change are required, but it’s recommended to change to the new apiPath/environments/envID/deviceAuthenticationPolicies endpoint.See Device authentication policies that now supports the following operations: |
| Dec 15, 2021 | The platform now includes endpoints that initiate and complete an MFA action without requiring a call to the PingOne authorize service. For more information, see MFA Device Authentications. |
| Dec 15, 2021 | The platform now supports the ability to configure short codes and toll-free origination numbers to send SMS and voice notifications to recipients in multiple countries. See the supportedCountries property in the Custom provider phone number properties table. |
| Dec 12, 2021 | The platform now supports configuration of untrusted sender email addresses at the email notification template content level, when using a custom email sender. See Content properties. |
| Dec 08, 2021 | The platform now provides easier integration with custom providers’ remote gateways, including support for dispatching voice notifications. This implementation uses the GET and POST operations and customizable body and headers.Basic and bearer authentication methods are supported. See Phone delivery settings. |
| Dec 07, 2021 | The platform now includes decision endpoints that allow efficient evaluation of policies developed in the PingOneAuthorize Policy Editor Service. For more information, see PingOneAuthorize Policy Decision Service. |
| Nov 08, 2021 | The platform now supports a JSON array PATCH action to update targeted elements on a user object. For more information, see Update User (Patch JSON Array). |
| Oct 25, 2021 | The notifications settings property, notificationsSettings.defaultLanguage, has been removed from the platform. When required, notifications use the environment’s default language, which is set using the /environments/{{envID}}/languages endpoint. For information about notification content and language selection, see Runtime logic for content selection. For information about an environment’s default language, see Language Management. |
| Oct 04, 2021 | Ping Identity has added a Canada regional data center, that will provide enhanced performance and response on services for Canadian customers accounts hosted on this data center. Canada data center domains:
|
| Sep 30, 2021 | The platform now supports the Identity Data Read Only Admin role. See Roles. |
| Sep 30, 2021 | The platform now supports custom risk predictors. See Risk Predictors. |
| Sep 2, 2021 | The platform now supports connecting to external LDAP directories to validate user credentials. See Gateway Management. |
| Aug 31, 2021 | The platform now supports configuration of your own provider for dispatching SMS notifications. See Phone delivery settings. The phoneDeliverySettings.provider field now supports the new CUSTOM_PROVIDER valid value.The new POST Create Phone Delivery Settings and PUT Update Phone Delivery Settings operations use the new custom provider phone delivery settings properties:
Note: This implementation uses the POST operation and non-customizable body and headers. It requires customers to create a gateway that receives these requests in their simple, static format, and translates those requests into their custom provider’s supported SMS format. |
| Aug 12, 2021 | From MFA Native SDK v1.6.0, the platform supports mobile device integrity checks.
|
| Jul 29, 2021 | The following properties have been added to the risk evaluations details data model: state, city, previousSuccessfulTransaction.state, previousSuccessfulTransaction.city. See Risk evaluations. |
| Jul 26, 2021 | The platform now supports the Credentials Issuance service, enabling you to create custom verifiable credentials for users. See Credentials Issuance. |
| Jul 14, 2021 | The platform now supports configuration of your MFA authentication methods according to your security policies, including passcode refresh time (mobile applications), passcode retry attempts, passcode lifetime duration, and device block duration times. See Device authentication policies. |
| Jun 30, 2021 | The platform now supports dispatching SMS and voice notifications via your organization’s own Syniverse account in place of Ping Identity’s account or your own Twilio account. The phoneDeliverySettings.provider field now supports the new CUSTOM_SYNIVERSE valid value.The fallback option uses the smsProvidersFallbackChain property. For more information see Phone delivery settings. To configure an SMS and voice provider fallback chain see Notifications settings. |
| Jun 30, 2021 | The platform now supports pairing a phone number as an MFA method using a voice call OTP, and subsequent voice call OTP authentication notifications to paired phone numbers. The following new operations were added:Existing services have been extended to include voice OTP:
|
| May 06, 2021 | The platform now supports just-in-time provisioning of new users who authenticate with a registered authoritative external identity provider. See Identity Provider Management and Users. |
| May 05, 2021 | The platform now provides the number of OTP attempts remaining in the error message detail as part of the Check One-Time Passcode action and Activate MFA User Device action. |
| Apr 13, 2021 | The platform now provides a Risk Advanced Predictors endpoint to include advanced predictor criteria for risk policies. For more information, see PingOne Risk, Risk Advanced Predictors, and Risk Policies. |
| Apr 08, 2021 | If you attempt to create or update a custom content for an existing combination of template, locale, deliveryMethod and variant, you now get an INVALID_DATA/UNIQUENESS_VIOLATION error. |
| Mar 24, 2021 | The platform now provides a sign-on policy action that bypasses the PingOne sign-on screen and immediately redirects the user to an external identity provider’s sign-on workflow to authenticate. For more information, see Sign-On Policy Actions and External Authentication. |
| Mar 19, 2021 | The platform now provides a user account management endpoint to unlock a user account. For more information, see User Accounts, Users, Sign-On Policy Actions, MFA Settings, and Flows. |
| Feb 23, 2021 | The platform now supports the ability to prompt end users with your own legal text during registration and sign on. The platform records a user’s active consent to the document before proceeding with the flow. For more information, see Agreement Management, User Agreement Consents, Sign-On Policy Actions, and Flows. |
| Feb 23, 2021 | The platform now supports text and language customization for all end user interfaces and notifications. In this initial release, it supports the new Agreements (terms of service) feature. For more information, see Language Management. |
| Feb 03, 2021 | The platform now supports groups for users. For more information, see Groups. |
| Feb 03, 2021 | The platform now includes optional accessControl properties on applications that, when set, specify the conditions that must be met by an authenticating actor to access the application. For more information, see Control access to applications through roles and groups. |
| Feb 02, 2021 | The platform now supports multiple custom contents for each template + deliveryMethod + locale combination with the variant property. For more information, see Notifications templates. |
| Feb 02, 2021 | The platform now supports a custom notification with the creation of an email or SMS MFA device. For more information, see Custom device pairing notification with device creation. |
| Feb 1, 2021 | The platform now includes the PingOne Verify APIs, and the PingOne Verify native SDKs. |
| Jan 19, 2021 | The platform now includes endpoints to read and update MFA settings. For more information, see MFA Settings. |
| Jan 19, 2021 | The platform includes support for FIDO2 bound biometrics devices and FIDO2 or U2F security key devices. For more information, see FIDO2 Biometrics Devices. |
| Jan 11, 2021 | The platform now supports device ordering to create a default active device. For more information, see Device order. |
| Jan 08, 2021 | The platform now supports external registration, which provides a sign-on action to register a user using an external identity provider’s registration workflow. For more information, see Flows and Sign-On Policy Actions. |
| Dec 30, 2020 | The platform now supports a maximum allowed devices setting for paired devices and a device nickname property used during authentication. For more information, see Maximum allowed devices and Device properties. |
| Dec 14, 2020 | The platform now supports risk policy sets and risk evaluations. For more information, see PingOne Risk. |
| Dec 14, 2020 | The platform now supports using the token endpoint so that the client can make a token exchange request to the PingOne authorization server. For more information, see Token Exchange (Gateway Credential). |
| Dec 09, 2020 | The application protocol data model property no longer supports the NONE option. For more information, see Application Operations. |
| Dec 03, 2020 | Notifications content variables are now case insensitive. For more information, see Notifications Templates. |
| Oct 15, 2020 | The platform now supports an alerting service that delivers high-level email warnings about resource states. For more information, see Alerting. |
| Oct 13, 2020 | The platform now supports a Time-based One-time Password (TOTP) authenticator application device type. For more information, see Create MFA User Device (TOTP) and Sign-on Policy Actions. |
| Sep 29, 2020 | The platform now supports the PingOne MFA product. For more information, see Getting Started with PingOne MFA. |
| Sep 22, 2020 | The platform now supports the ability to select and customize the branding themes that you can apply to your sign-on screens. For more information, see Branding. |
| Sep 21, 2020 | The platform now supports self-management access control scopes that allow organizations to specify which user profile attributes are accessible to end users. For more information, see Access services through scopes and roles and Resource scopes. |
| Sep 14, 2020 | The platform now includes endpoints to manage Yahoo, Microsoft, GitHub, and PayPal external identity provider configurations. For more information, see Identity providers. |
| Jul 21, 2020 | The platform now supports the ability to configure a trusted email domain for each environment. A trusted email domain with its associated email addresses enable PingOne to send emails on your organization’s behalf. For more information see Trusted email domains and Trusted email addresses. |
| Jul 07, 2020 | The platform now supports configuration of sign-on policies to determine whether MFA is required for authentication requests detected as originating from an anonymous network such as an unknown VPN, proxy or anonymity communication tool such as Tor. It is possible to exclude specific IP addresses using a whitelist. See the anonymousNetwork condition in the Condition Variables table in the Sign-on Policy Actions page. |
| Jun 25, 2020 | The platform now includes endpoints to manage Apple external identity provider configurations. For more information, see Identity providers. |
| Jun 24, 2020 | The platform now includes endpoints to manage Amazon external identity provider configurations. For more information, see Identity providers. |
| Jun 24, 2020 | The platform now includes endpoints to manage Twitter external identity provider configurations. For more information, see Identity providers. |
| Jun 16, 2020 | The platform now supports despatching SMS notifications via your organization’s own Twilio account in place of Ping Identity’s account. This also allows for the option of falling back to Ping’s account in the event of notification failure, using the new smsProvidersFallbackChain property. For more information see Phone delivery settings. See Notifications settings to configure an SMS provider fallback chain. |
| Jun 16, 2020 | The platform now supports transaction approval when strong authentication is required for elevated security for a high value transaction, or high risk resource or service. This includes use of the new request property in the following OIDC operations: GET Authorize (authorization_code), POST Authorize (authorization_code), GET Authorize (implicit) and POST Authorize (implicit). Transaction approval also permits use of the new allowDynamicVariables property in Notifications templates. |
| Jun 16, 2020 | From Native SDK v1.3.0, the platform supports extra verification on device authorization. For more information see the extraVerification property in Sign-on policy actions. |
| May 05, 2020 | The platform now provides an interface for third-party auditing tools to subscribe to and consume PingOne audit activity events. For more information, see Subscriptions (webhooks). |
| Apr 30, 2020 | The platform now supports a token revocation endpoint. For more information, see Token revocation. |
| Apr 15, 2020 | The platform now supports an identity-provider initiated SAML authentication single sign-on flow. For more information, see SAML 2.0. |
| Apr 15, 2020 | The sign-on policy service now includes an IDENTIFIER_FIRST sign-on policy action. For more information, see Sign-on policy actions. |
| Apr 03, 2020 | The sign-on policy service now includes a PROGRESSIVE_PROFILING sign-on policy action. For more information, see Sign-on policy actions. |
| Apr 03, 2020 | The licenses and capabilities services now include properties that designate whether the license allows the creation of custom domains. For more information, see Licensing and Capabilities. |
| Apr 03, 2020 | The flow service has changed so that a session token cookie is set only after the identity of the user has been partially established. For more information, see Identity providers. |
| Apr 03, 2020 | The platform now includes endpoints to manage OpenID Connect external identity provider configurations. For more information, see Identity providers. |
| Mar 31, 2020 | The platform now supports configuration of sign-on policies to determine whether MFA is required for authentication requests detected as having high-risk IP reputation and geovelocity anomalies. See the geovelocity and IP reputation Condition variables on the Sign-on policy actions page. |
| Mar 31, 2020 | From Native SDK v1.2.0, the platform includes the ability to get logs from authenticating user native devices for investigation and support. See Devices API operations on the Devices page. |
| Mar 31, 2020 | From Native SDK v1.2.0, the platform includes the ability to send logs from authenticating user native devices to the PingOne server, for investigation and support. |
| Mar 31, 2020 | From Native SDK v1.2.0, the platform supports automatic device authentication. See PingOne Native SDK flows. |
| Mar 13, 2020 | The platform now includes an identity propagation API that provides for configurable and audit-capable propagation of identities and their attributes between identity stores owned or managed by a customer. For more information, see Identity propagation. |
| Mar 11, 2020 | The platform now includes an identity provider discovery login flow that initiates actions to identify the user and determine the applicable authentication methods for this user. For more information, see Identifier first action and Get a flow. |
| Mar 11, 2020 | The platform now includes a progressive profiling authentication flow that prompts users to provide additional data at sign on. For more information, see Progressive profiling action and Submit profile data. |
| Feb 19, 2020 | The set password action now includes an optional bypassPolicy property that specifies whether the user’s password policy should be ignored. For more information, see Set password. |
| Feb 10, 2020 | The platform now includes an endpoint to view and license capabilities. For more information, see Capabilities. |
| Jan 13, 2020 | The platform now includes an endpoint to view and update the name property value for a license. For more information, see Licensing. |
| Dec 17, 2019 | The platform now supports a token introspection endpoint. For more information, see Token introspection. |
| Dec 10, 2019 | The platform now supports password policy customization. For more information, see Password policies. |
| Dec 10, 2019 | The platform now supports configuration of a Proof Key for Code Exchange (PKCE) authorization workflow. For more information, see OpenID Connect/OAuth 2 and Configure a PKCE authorization workflow. |
| Dec 10, 2019 | The platform now supports custom domains. For more information, see Custom domains. |
| Dec 10, 2019 | The platform now includes endpoints to manage LinkedIn external identity provider configurations. For more information, see Identity providers. |
| Dec 10, 2019 | The platform now includes endpoints to customize ID tokens for a OIDC applications. For more information, see Attribute mapping. |
| Dec 09, 2019 | The Native SDK supports automatic enrollment through OIDC authentication. |
| Oct 10, 2019 | The Native SDK sample app for Android now has notification banners. |
| Oct 10, 2019 | The Native SDK Android component dependencies have been updated: the Nimbus library has been replaced by Jose4J. See Pingone Native SDK > Android > Set up a native app using the PingOne SDK sample code > Add the PingOne SDK component into your existing project. |
| Oct 10, 2019 | The iOS Native SDK API now requires Swift 5.1. See Pingone Native SDK > iOS > Set up a native app using the PingOne SDK sample code > Xcode integration for software prerequisites. |
| Oct 10, 2019 | Logs appeared in the Android developer console. This has been resolved so that they no longer appear. (P14CMFA-3242) |
| Oct 03, 2019 | The platform now includes endpoints to view authentication statistics on a per application basis. For more information, see Authentications per application. |
| Aug 30, 2019 | The platform now includes endpoints to manage Google external identity provider configurations. For more information, see Identity providers. |
| Aug 30, 2019 | The platform now supports access token customization. For more information, see Access token customization. |
| Aug 19, 2019 | The platform now includes a basic password policy to allow for maximum customer flexibility. For more information, see Password policies. |
| Aug 14, 2019 | Sign-on policy action condition attributes now require camelCase syntax for attribute names (for example, ipRange, secondsSince). For more information, see Sign-on policy actions. |
| Jul 31, 2019 | The platform now supports the refresh_token grant type. For more information, see Access tokens and ID tokens and Obtain an access token. |
| Jul 31, 2019 | The platform now supports a native SDK that allows developers to send push notifications to custom native applications for multi-factor authentication (MFA). For more information, see Pairing keys, Android PingOne Native SDK API, and iOS PingOne Native SDK API. |
| Jul 31, 2019 | The following template IDs (see Notifications templates) have changed:
GET /environments/{{envID}}/templates endpoint will return the new template IDs, instead of the old ones. The deprecated offline_pairing and offline_authentication template IDs are still supported for backward compatibility, but will be unsupported at a future date. |
| Jul 02, 2019 | The platform now includes endpoints to manage external identity provider configurations that enable social login and inbound SAML login features in PingOne. It also includes endpoints to manage a user’s links to external identity provider accounts. For more information, see Identity providers and Linked accounts. |
| Jun 25, 2019 | The platform now includes endpoints to get information about the licenses associated with an organization. For more information, see Licensing. |
| Jun 25, 2019 | The platform now includes endpoints to get information about active identity counts and total identity counts. For more information, see Active identity counts and Total identities. |
| Jun 13, 2019 | The file import feature is temporarily disabled. It will be enabled in a future release. |
| Apr 15, 2019 | The platform now supports a passwordless authentication flow. For more information, see Sign-on with a username and Configure a passwordless sign-on policy. |
| Apr 01, 2019 | PATCH requests that modify custom JSON user attributes are replaced completely. For more information, see Users: Partial update. |
| Apr 01, 2019 | Sign on policy actions now support a policy condition language that allows both logical and data rules to construct a policy condition statement. For more information, see Sign-on policy action conditions. |
| Mar 25, 2019 | Platform scopes, such as p1:read:env:user, p1:create:env:device, and p1:update:env:population, have been removed. In order to access platform APIs, you must create a new WORKER application type. For more information, see Access through scopes and roles. |
| Mar 25, 2019 | Scopes with “self” in the name have been renamed. Example: p1:reset:self:userPassword is now p1:reset:userPassword. For more information, see Access through scopes and roles. |
| Mar 01, 2019 | The SAML attribute mappings data model now includes a mappingType attribute to identify CORE, SCOPE and CUSTOM mapping types. For more information, see Attribute mapping. |
| Feb 18, 2019 | The following templates are available for use with notifications templates: verification_code_template, recovery_code_template, offline_authentication, and offline_pairing. For more information, see Notifications templates and Notifications settings. |
| Jan 28, 2019 | The flow service no longer uses the /step/{{stepID}} sub-resource, and it no longer shows multiple statuses and nested embedded resources. The status property in the flow response contains all information about the flow’s current state. For more information, see Flows. |
| Jan 22, 2019 | Audit reporting supports a POST operation to retrieve audit events without exposing sensitive or personal filtering information in a GET request URL. The required SCIM filtering expression is specified in the POST request body. For more information, see Get audit activities using POST. |
| Jan 21, 2019 | The data model for SAML application settings requires a leading dollar sign ($) when specifying the expression in the value attribute. For example, "value": "${user.username}". For more information, see SAML application attribute mappings. |
| Jan 11, 2019 | The GET /environments/{{envID}}/activities endpoint no longer supports the in (includes) SCIM operator. For more information, see Audit activities and events. |
For more information about PingOne product updates, see Release Notes.