The capabilities service provides operations to determine what an organization or an environment is capable of doing within PingOne with respect to:
The organization’s current PingOne license.
The current utilization of PingOne resources.
The current PingOne system limits.
The products and services included in the environment’s bill of materials.
The Capabilities service is closely associated with the Licenses and Bill of Materials (BOM) services. The PingOne license and BOM identify the Ping Identity products associated with your organization and environment, but these services do not enumerate the specific actions you can perform. You can use the capabilities service to check the capabilities provided by the current license and the environment’s BOM. For example, if the organization-level capability canCreateEnvironment
is set to true
, it shows that the license grants you the capability to create new environments. Likewise, there can be numerous capabilities at the environment level, depending on the products in the BOM. The following list shows some of the actions that you might be able to perform:
"canUseCredentials": false,
"canUseCredentialsPushNotifications": false,
"canUseCustomSchema": true,
"canUseDaVinciAdminPortal": true,
In this case, you can implement a custom user schema and you can access the DaVinci admin portal, but you cannot perform actions that use credentials or credential-based push notifications.
To see the effects of these events for an API call, see the event types in the Audit Report, Audit Activities API, or Webhook stream.
The audit reporting events applicable to the capabilities service history are:
Service | Event |
---|---|
capabilities |
ENVIRONMENT.CAPABILITIES |
capabilities |
ORGANIZATION.CAPABILITIES |
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
assignableLicenses.allowProduction |
Boolean | Required | Read-only | Whether the license allows production environments. |
assignableLicenses.beginsAt |
Date | Required | Read-only | When the license period starts. |
assignableLicenses.expiresAt |
Date | Required | Read-only | When the license period ends. |
assignableLicenses.id |
String | Required | Read-only | The license ID for a license that can be assigned to the organization. |
assignableLicenses.name |
String | Required | Read-only | The name of a license that can be assigned to the organization. |
assignableLicenses.supportedRegions |
Array [String] | Required | Read-only | The names of the supported regions for a license that can be assigned to the organization. |
canContactSupport |
Boolean | Required | Read-only | Whether the organization can contact PingOne support. |
canCreateEnvironment |
Boolean | Required | Read-only | Whether the organization can create an environment. A return value of false specifies that the organization’s maximum number of environments has been reached. |
canCreateEphemeralTrialLicenses |
Boolean | Required | Read-only | Whether the organization can create short-term trial licenses. |
canUsePlatform |
Boolean | Required | Read-only | The status of the associated license. Return values are true (ACTIVE) and false (TERMINATED). |
organizationId |
String | Required | Read-only | The ID of the organization. |
Property | Type | Required? | Mutable? | Description |
---|---|---|---|---|
canAddResources |
Boolean | Required | Read-only | Whether the license supports creation of resources in the specified environment. |
canAssignUsersRoles |
Boolean | Required | Read-only | Whether the license supports role assignments in the specified environment. |
canContactSupport |
Boolean | Required | Read-only | Whether the license allows contact of PingOne Support. |
canCreateConnections |
Boolean | Required | Read-only | Whether the license supports creation of a application connections in the specified environment. |
canCreateCustomDomain |
Boolean | Required | Read-only | Whether the license supports creation of a custom domain in the specified environment. |
canPromoteToProd |
Boolean | Required | Read-only | Whether the environment’s type property can be promoted from SANDBOX to PRODUCTION . |
canSendMfaNotificationsOutsideWhitelist |
Boolean | Required | Read-only | Whether the license supports sending notifications outside of the environment’s whitelist. |
canSendPasswordManagementNotifications |
Boolean | Required | Read-only | Whether the license supports sending password management notifications. |
canSendVerificationFlowNotifications |
Boolean | Required | Read-only | Whether the license supports sending verification flow notifications. |
canUseAamva |
Boolean | Required | Read-only | Whether the license supports using additional verification support with American Association of Motor Vehicle Administrators (AAMVA). |
canUseAamvaTransactions |
Boolean | Required | Read-only | Whether the license supports using AAMVA transactions. |
canUseAccountProtection |
Boolean | Required | Read-only | Whether the license supports using account protection. |
canUseAccountTakeoverDetection |
Boolean | Required | Read-only | Whether the license supports using account takeover detection. |
canUseApiAccessManagement |
Boolean | Required | Read-only | Whether the license supports using API Access Management services. |
canUseBotMaliciousDeviceDetection |
Boolean | Required | Read-only | Whether the license supports using malicious BOT device detection capabilities. |
canUseCredentialSharingDetection |
Boolean | Required | Read-only | Whether the license supports using credential sharing detection capabilities. |
canUseCredentials |
Boolean | Required | Read-only | Whether the license supports using credentials services. |
canUseCredentialsPushNotifications |
Boolean | Required | Read-only | Whether the license supports using credentials push notifications services. |
canUseCustomSchema |
Boolean | Required | Read-only | Whether the license supports using custom schema tributes in the specified environment. |
canUseDaVinciAdminPortal |
Boolean | Required | Read-only | Whether the license supports using the DaVinci admin portal. |
canUseDataAnalyticsSupport |
Boolean | Required | Read-only | Whether the license supports using data analytics support services. |
canUseDigitalVerifications |
Boolean | Required | Read-only | Whether the license supports using digital verifications services. |
canUseDocumentMatch |
Boolean | Required | Read-only | Whether the license supports using document match services. |
canUseDynamicAuthorization |
Boolean | Required | Read-only | Whether the license supports using dynamic authorization services. |
canUseEmailOtp |
Boolean | Required | Read-only | Whether the license supports using email OTP capabilities. |
canUseFaceMatch |
Boolean | Required | Read-only | Whether the license supports using face match capabilities. |
canUseFraudDataEnrichment |
Boolean | Required | Read-only | Whether the license supports using fraud data enrichment capabilities. |
canUseIdentities |
Boolean | Required | Read-only | Whether the license supports using identities. |
canUseIdentityProviders |
Boolean | Required | Read-only | Whether the license supports using external identity providers in the specified environment. |
canUseInboundProvisioning |
Boolean | Required | Read-only | Whether the license supports using inbound provisioning services. |
canUseIntelligence |
Boolean | Required | Read-only | Whether the license supports using PingIntellegence capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products. |
canUseIntelligenceAdvancedPredictors |
Boolean | Required | Read-only | Whether the license supports using PingIntellegence advanced predictors capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products. |
canUseIntelligenceAnonymousNetworkDetection |
Boolean | Required | Read-only | Whether the license supports using PingIntellegence anonymous network detection capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products. |
canUseIntelligenceDataConsent |
Boolean | Required | Mutable | Whether the customer consents to user and event behavior analytics (UEBA) collection capabilities in the specified environment. This capability applies to the PingOne Protect product. |
canUseIntelligenceGeoVelocity |
Boolean | Required | Read-only | Whether the license supports using PingIntellegence geovelocity capabilities in the specified environment when a geovelocity anomaly is detected. This capability applies to the PingOne Platform and PingOne MFA products. |
canUseIntelligenceProtect |
Boolean | Required | Read-only | Whether the license supports using protect capabilities in the specified environment. This capability applies to the PingOne Protect product. |
canUseIntelligenceReputation |
Boolean | Required | Read-only | Whether the license supports using PingIntellegence reputation capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products. |
canUseIntelligenceRisk |
Boolean | Required | Read-only | Whether the license supports using Risk capabilities in the specified environment. This capability applies to the PingOne Protect product. |
canUseKerberosGateway |
Boolean | Required | Read-only | Whether the license supports using Kerberos gateway services. |
canUseLdapGateway |
Boolean | Required | Read-only | Whether the license supports using LDAP gateway services. |
canUseManualIDStepUpInspection |
Boolean | Required | Read-only | Whether the license supports using manual ID step-up inspection services. |
canUseManualIdInspection |
Boolean | Required | Read-only | Whether the license supports using manual ID inspection services. |
canUseMfa |
Boolean | Required | Read-only | Whether the license supports using MFA in the specified environment. |
canUseMfaFido2Devices |
Boolean | Required | Read-only | Whether the license supports MFA operations on FIDO2 devices. |
canUseMfaPushNotifications |
Boolean | Required | Read-only | Whether the license supports MFA push authentication for native applications in the specified environment. |
canUseMfaVoiceOtp |
Boolean | Required | Read-only | Whether the license supports MFA voice OTP for native applications in the specified environment. |
canUseMyAccount |
Boolean | Required | Read-only | Whether the license supports using the My Account capabilities in the specified environment. |
canUseNewAccountFraudDetection |
Boolean | Required | Read-only | Whether the license supports using new account fraud detection capabilities in the specified environment. |
canUseOrchestration |
Boolean | Required | Read-only | Whether the license supports using orchestration capabilities in the specified environment. |
canUsePasswordManagement |
Boolean | Required | Read-only | Whether the license supports using password management capabilities in the specified environment. |
canUsePasswordOnlyAuthentication |
Boolean | Required | Read-only | Whether the license supports using password only login capabilities in the specified environment. |
canUsePasswordPolicy |
Boolean | Required | Read-only | Whether the license supports using password policies in the specified environment. |
canUsePlatform |
Boolean | Required | Read-only | The status of the associated license. Return values are true (ACTIVE) and false (TERMINATED). |
canUseProtectTransactions |
Boolean | Required | Read-only | Whether the license supports using protect transaction capabilities in the specified environment. |
canUseProvisioning |
Boolean | Required | Read-only | Whether the license supports using provisioning capabilities in the specified environment. |
canUseRadiusGateway |
Boolean | Required | Read-only | Whether the license supports using radius gateway services. |
canUseSmsOtp |
Boolean | Required | Read-only | Whether the license supports using SMS OTP capabilities. |
canUseTotp |
Boolean | Required | Read-only | Whether the license supports using TOTP capabilities. |
canUseVerificationFlow |
Boolean | Required | Read-only | Whether the license supports using verification flows in the specified environment. |
canUseVerify |
Boolean | Required | Read-only | Whether the license supports using Verify in the specified environment. |
canUseVerifyPushNotifications |
Boolean | Required | Read-only | Whether the license supports using verify push notifictions capabilities in the specified environment. |
canUseVerifyVoice |
Boolean | Required | Read-only | Whether the license supports using verify voice capabilities in the specified environment. |
canUseVoiceBiometrics |
Boolean | Required | Read-only | Whether the license supports using biometric voice capabilities in the specified environment. |
canUseUniversalCapture |
Boolean | Required | Read-only | Whether the license supports using universal capture capabilities in the specified environment. |
canUsersUpdateSelf |
Boolean | Required | Read-only | Whether the license supports allowing users to update their own profile. |
environmentId |
String | Required | Read-only | The ID of the environment. |
Code | Message |
---|---|
200 | Successful operation. |
400 | The request could not be completed. |
401 | You do not have access to this resource. |
403 | You do not have permissions or are not licensed to make this request. |
404 | The requested resource was not found. |
You need Organization Admin role or the Environment Admin role to get the capabilities for an organization or an environment, respectively. For more information about roles, see Roles.