Sign-on policies determine the account authentication flow users must complete to access applications secured by PingOne services. PingOne provides the following pre-defined sign-on policy configurations:
Single_Factor
A sign-on policy that prompts users to enter a username and password to authenticate the account.
Multi_Factor
A sign-on policy that requires a two-step authentication workflow in which users take the following actions:
Sign-on policies are defined by their associated actions. For example, the Single-Factor sign-on policy resource uses a defined LOGIN action that prompts users for a username and password. The Multi-Factor sign-on policy resource uses a defined MULTI_FACTOR_AUTHENTICATION action that prompts users to complete a second authentication action, such as entering a one-time password received on a registered device or accepting a push confirmation on a registered mobile device.

The Multi-Factor sign-on policy can also be used to configure a PASSWORDLESS authentication method. The authentication flow first identifies the user by the username property and determines the applicable second factor to complete authentication.

The actions associated with a sign-on policy resource can be modified using a PUT request. The examples that follow show common operations to create and manage sign-on policy resources. You need the Environment Admin role to perform operations on sign-on policy resources.
Property | Description |
---|---|
createdAt | The time the resource was created. |
default | A boolean that specifies whether this sign-on policy is the environment’s default that is used by applications that do not have application-specific sign-on policy assignments. This property can only be set to true, in which case the isDefault property of all other sign-on policies is set to false. |
description | A string that specifies the description of the sign-on policy. |
enabled | A boolean that specifies whether the sign-on policy is enabled and can be assigned to applications. This property must be set to false when creating a new sign-on policy, and it can be set to true only for policies with one or more actions. The environment’s default policy cannot be disabled, and disabling a sign-on policy deletes any corresponding assignments. |
environment.id | A string that specifies the environment resource’s unique identifier associated with the sign-on policy. |
id | A string that specifies the sign-on policy resource’s unique identifier. |
name | A string that specifies the resource name. The name must be unique within the environment, and can consist of either a string of alphanumeric characters, underscores, hyphens, and periods (^[a-zA-Z0-9_. -]+$) or an absolute URI if the string contains a “:” character. |
updatedAt | The time the resource was last updated. |
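
The constraints in the property table can be checked before a create or PUT request is sent. The following is an added example, not part of the PingOne documentation or SDK: the function name `lint_policy` and the inputs `creating`, `action_count` and `is_env_default` are hypothetical, and the sample bodies are constructed.

```python
import re
from urllib.parse import urlsplit

# Character-set pattern exactly as given in the property table above.
NAME_RE = re.compile(r"^[a-zA-Z0-9_. -]+$")

def lint_policy(body, *, creating, action_count=0, is_env_default=False):
    """Check a sign-on policy request body against the table's rules.

    body           -- dict with the documented properties (name, enabled, default)
    creating       -- True for a create request, False for a PUT update
    action_count   -- hypothetical input: actions already attached to the policy
    is_env_default -- hypothetical input: policy is the environment's default
    Returns (errors, warnings) as two lists of strings.
    """
    errors, warnings = [], []
    name = body.get("name", "")
    if ":" in name:
        # A name containing ':' must be an absolute URI, i.e. carry a scheme.
        if not urlsplit(name).scheme:
            errors.append("name: contains ':' but is not an absolute URI")
    elif not NAME_RE.match(name):
        errors.append("name: characters outside the allowed set")

    enabled = body.get("enabled")
    if creating and enabled is not False:
        # Strict reading of "must be set to false when creating".
        errors.append("enabled: must be false on create")
    if not creating and enabled is True and action_count < 1:
        errors.append("enabled: true requires one or more actions")
    if body.get("default") is False:
        errors.append("default: can only be set to true")
    if not creating and enabled is False:
        if is_env_default:
            errors.append("enabled: the default policy cannot be disabled")
        else:
            # Deleted assignments leave those applications on the default policy.
            warnings.append("disabling deletes this policy's assignments")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample bodies, not taken from a real environment.
    samples = [
        ({"name": "Corp_MFA", "enabled": False}, dict(creating=True)),
        ({"name": "Corp_MFA", "enabled": True}, dict(creating=False, action_count=0)),
        ({"name": "Corp_MFA", "enabled": False}, dict(creating=False, action_count=2)),
    ]
    for body, ctx in samples:
        print(body, ctx, lint_policy(body, **ctx))
```

The warning matters when the policy being disabled is a Multi-Factor policy and the environment default is Single-Factor: the applications that lose their assignment then authenticate with the default policy.
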
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |