Sign-on policies determine the account authentication flow users must complete to access applications secured by PingOne services. PingOne provides the following pre-defined sign-on policy configurations:
Single_Factor
A sign-on policy that prompts users to enter a username and password to authenticate the account.
Multi_Factor
A sign-on policy that requires a two-step authentication workflow in which users take the following actions:
Sign-on policies are defined by their associated actions. For example, the Single-Factor sign-on policy resource uses a defined LOGIN action that prompts users for a username and password. The Multi-Factor sign-on policy resource uses a defined MULTI_FACTOR_AUTHENTICATION action that prompts users to complete a second authentication action, such as entering a one-time password received on a registered device or accepting a push confirmation on a registered native device.
The Multi-Factor sign-on policy can also be used to configure a PASSWORDLESS authentication method. The authentication flow first identifies the user by the username property and determines the applicable second factor to complete authentication.
The actions associated with a sign-on policy resource can be modified using a PUT request. The examples that follow show common operations to create and manage sign-on policies resources. You need the Environment Admin role to perform operations on sign-on policy resources.
| Property | Description |
|---|---|
createdAt |
The time the resource was created. |
default |
A boolean that specifies whether this sign-on policy is the environment’s default that is used by applications that do not have application-specific sign-on policy assignments. This property can only be set to true, in which case the isDefault property of all other sign-on policies are set to false. |
description |
A string that specifies the description of the sign-on policy. |
enabled |
A boolean that specifies whether the sign-on policy is enabled and can be assigned to applications. This property must be set to false when creating a new sign-on policy, and it can be set to true only for policies with one or more actions. The environment’s default policy cannot be disabled, and disabling a sign-on policy deletes any corresponding assignments. |
environment.id |
A string that specifies the environment resource’s unique identifier associated with the sign-on policy. |
id |
A string that specifies the sign-on policy resource’s unique identifier. |
name |
A string that specifies the resource name. The name must be unique within the environment, and can consist of either a string of alphanumeric letters, underscore, hyphen, period: ^[a-zA-Z0-9_. -]+$ or an absolute URI if the string contains a “:” character. |
updatedAt |
The time the resource was last updated. |
| Code | Message |
|---|---|
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 404 | The requested resource was not found. |