Sign-on policies (identified in the PingOne UI as “Authentication Policy”) determine the account authentication flow users must complete to access applications secured by PingOne services.
Sign-on policies are defined by their associated actions. For example, the LOGIN action prompts users for a username and password. The MULTI_FACTOR_AUTHENTICATION action prompts users to complete a second authentication action, such as entering a one-time passcode received on a registered device or accepting a push confirmation on a registered native device.
For more information about sign-on policies, see Authentication policies in the PingOne Admin Guide.
An application’s sign-on policy determines the flow states and the corresponding actions required to complete an authentication workflow. The following diagram shows the PingOne platform sign-on policy selection logic:
When the authentication workflow begins, the flow gets the list of sign-on policies assigned to the application and evaluates the policy conditions that must be met to complete sign on. The sign-on policy evaluation logic is shown in the diagram below:
The /environments/{{envID}}/signOnPolicies endpoint provides operations to create, read, update, and delete sign-on policies.
For more information, see Sign-On Policies.
The /environments/{{envID}}/signOnPolicies/{{policyID}}/actions endpoint provides operations to create, read, update, and delete sign-on policy actions.
For more information, see Sign-On Policy Actions.
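An audit that reads every sign-on policy and its actions through the two endpoints above and reports policies whose flow has no MULTI_FACTOR_AUTHENTICATION action. This is an added example, not code from the PingOne documentation. Assumptions: the response shape (`_embedded`, `id`, `name`, `default`, `type`, `priority`), the hypothetical `fetch` callable standing in for an authenticated GET, and the constructed sample data.

```python
import json

# Constructed sample responses keyed by request path; the environment ID is a placeholder.
ENV = "ENV_ID_PLACEHOLDER"
BASE = f"/environments/{ENV}/signOnPolicies"
SAMPLE = {
    BASE: {"_embedded": {"signOnPolicies": [
        {"id": "p1", "name": "Single_Factor", "default": True},
        {"id": "p2", "name": "Multi_Factor", "default": False},
        {"id": "p3", "name": "Empty_Policy", "default": False},
    ]}},
    f"{BASE}/p1/actions": {"_embedded": {"actions": [
        {"type": "LOGIN", "priority": 1}]}},
    f"{BASE}/p2/actions": {"_embedded": {"actions": [
        {"type": "MULTI_FACTOR_AUTHENTICATION", "priority": 2},
        {"type": "LOGIN", "priority": 1}]}},
    f"{BASE}/p3/actions": {"_embedded": {"actions": []}},
}

def fetch_sample(path):
    """Hypothetical stand-in for an authenticated GET; returns the parsed JSON body."""
    return SAMPLE[path]

def audit_sign_on_policies(fetch, env_id):
    """Return one finding per policy: its actions in priority order and any gaps."""
    base = f"/environments/{env_id}/signOnPolicies"
    findings = []
    for policy in fetch(base).get("_embedded", {}).get("signOnPolicies", []):
        body = fetch(f"{base}/{policy['id']}/actions")
        # Assumed: a lower priority value means the action runs earlier in the flow.
        actions = sorted(body.get("_embedded", {}).get("actions", []),
                         key=lambda a: a.get("priority", 0))
        types = [a["type"] for a in actions]
        issues = []
        if not types:
            issues.append("no actions defined")
        elif "MULTI_FACTOR_AUTHENTICATION" not in types:
            issues.append("no MULTI_FACTOR_AUTHENTICATION action")
        findings.append({"name": policy["name"],
                         "default": policy.get("default", False),
                         "flow": types, "issues": issues})
    return findings

if __name__ == "__main__":
    for finding in audit_sign_on_policies(fetch_sample, ENV):
        print(json.dumps(finding))
```

To run it against a live environment, pass a `fetch` that issues the GET with an access token and returns the decoded JSON.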