The PingOne connector has capabilities that you can tie together to achieve your desired outcome. The connector acts like a worker application with each capability calling one or more endpoints in PingOne using your application for authentication.

You can use the PingOne connector to:

  • Create a sign-on flow for authentication
  • Reset a user's password
  • Register new users in the PingOne user store
  • Unlock a locked user account
  • Create, edit, and delete users in the PingOne user store
  • Verify a user's email address
  • View a user's population
  • Manage a user's group memberships
  • Manage user groups
  • View agreements and consents for a user
  • Migrate users from an LDAP datastore to PingOne
  • Authenticate users through Kerberos

Setup

Resources

For information and setup help, see the following sections of the PingOne documentation:

Requirements

To use the connector, you'll need:

Setting up PingOne

Setting up your PingOne environment

Adding a Worker application

Add a Worker application in the PingOne console before setting up the PingOne connector in DaVinci.

  1. In the PingOne console, add a Worker app. See Adding an application.
    Note:

    Attribute mappings are not required.

  2. Ensure that you set the authentication method as Client secret basic.

    The PingOne connector receives a token using your application’s credentials.

  3. Enable the application. See Enabling or disabling an application.

    The capabilities in the PingOne connector call endpoints in PingOne with a token received using the application’s credentials. To enable all capabilities, your application needs the required role assignments for the associated capability. If the application doesn't have the required role assignment, you'll see error messages stating that the required authorization isn't configured.

Assigning Roles to the application

To use the appropriate capabilities, the Worker app used by the connector needs the Environment Admin and Identity Data Admin roles.

Note:

The user that creates the Worker app must have the Environment Admin and Identity Data Admin roles to assign the roles to a Worker app.

  1. In your PingOne environment, go to Applications > Applications.

    If you haven't added the application yet, see Adding an application.

  2. Locate the appropriate application and click it to open the details panel.
  3. Click the Roles tab and then click the Pencil icon to edit the roles.
  4. Review the assigned roles to ensure that they include Environment Admin and Identity Data Admin roles. If not, click + Add role to assign them.

Getting your application credentials

Get the Client ID and Client secret from the PingOne console before setting up the PingOne connector in DaVinci.

  1. In your PingOne environment, go to Applications > Applications.

    If you haven't added the application yet, see Adding an application.

  2. Locate the appropriate application and click it to open the details panel.
  3. On the Configuration tab, expand General and locate the Client ID and Client secret. Copy these values to a secure location.

Getting your environment details

Get your Environment ID and Region before setting up the PingOne connector in DaVinci.

  1. In your PingOne environment, go to Settings > Environment Properties.
  2. Locate the Environment ID and Region. Copy these values to a secure location.

Setting up the PingOne connector configuration

In DaVinci, add a PingOne connection. For help, see Adding a connector.

Connector configuration

Environment ID
The unique identifier for the appropriate PingOne environment. To find the environment ID, see Environment properties.
Client ID
The unique public identifier for the PingOne application. To find the client ID, see Viewing application details.
Client secret
The cryptographic secret that is known only to the application and the authorization server. To find the client secret, see Viewing a client secret .
Region
The geographic region that hosts your PingOne tenant. To find the region, see Environment properties.

Using the connector in a flow

You can use sample flows as a starting point or create your own flows to satisfy your requirements. The following section shows some popular sample flows. Open the Flow Library to see them all.

Authenticating users and resetting passwords

Use this flow to create authentication flows that include the ability for users to reset or recover their passwords.

Search for PingOne - Sign On and Password Reset in the Flow Library

For help, see the Creating an authentication flow guide.

Registering users and setting up MFA

Use this flow to create registration flows with optional user enrollment to MFA.

Search for PingOne - Register with verify email and MFA enrollment in the Flow Library

For help, see the Creating an authentication flow guide.

Authenticating users with Risk and MFA

Use this flow to create sign-on flows that include a password check and a conditional step-up to second-factor authentication using PingOne Risk.

Search for PingOne - Sign On and Adaptive MFA in the Flow Library

For help, see the Creating an authentication flow guide.

Registering users with agreements and verifying email

Use this flow to create registration flows that include email address verification and agreement consent.

Search for PingOne - Register with Agreements and Verify Email in the Flow Library

For help, see the Creating an authentication flow guide.

Registering users and verifying email

Use this flow to create registration flows that include email address verification.

Search for PingOne - Register with Verify Email in the Flow Library

For help, see the Creating an authentication flow guide.

Managing group memberships

The connector has several capabilities that allow you to manage the groups that a user belongs to in PingOne:

  • Read User Group Membership
  • Create User Group Membership
  • Delete User Group Membership

No special flow configuration is needed. Add the capability that you want and populate its properties according to the help text.

Managing user groups

The connector has several capabilities that allow you to manage groups.

  • Create Group
    • Create a new user group in PingOne. Only the Group Name is required.
  • Read Group
    • Read a user group. Only the Group ID is required.
  • Update Group
    • Update an existing user group with the supplied information. The Group ID is required to verify the group exists and the Group Name is required only when updating a group.
  • Delete Group
    • Delete a specified group. Only the Group ID is required.
  • Read Group Members
    • Read up to 100 users within a group. The list is filterable by match attributes and an identifier. Only the Group ID is required.

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Migrating users from an external directory to PingOne

The connector allows you to use your existing authentication flow to migrate users to the PingOne user store from an external directory.

Tip:

For help setting up a directory as a gateway in PingOne, see Gateways and Adding a gateway.

In your authentication flow, add the PingOne connector with the Migrate User Through Gateway capability. This capability validates the user's credentials against the directory for authentication, then migrates the user account to PingOne.

The Gateway User Type List property allows you to filter by specific gateways and user types.

Authenticate users via Kerberos

Use this capability to use Kerberos to seamlessly authenticate users who have user records in an on-premises Microsoft Active Directory.

In the flow example below, a user is authenticated using Kerberos when the user does not have a session.

The example flow contains the following nodes:

The PingOne Authentication node checks if the user has a session in PingOne.

The PingOne node authenticates the user via Kerberos if the user does not have a session and evaluates as follows:
  • Successful: The PingOne Authentication node returns a success response.
  • Failure: The Username/Password Form node asks for the user’s username and password and the flow continues to the Button Pressed node. The user has the options to press:
    • Submit: The user submits login and the flow continues to the Sign In node, the User Lookup node, and PingOne node where a user migrates through a gateway and lastly continues on to the Check Password node.
    • Forgot Password: Flow continues to Forgot Password node.
    • No match: Flow continues to the An Unexpected Error node where a custom error message is displayed.
Tip:
For help setting up Active Directory as a gateway in PingOne, see the following:

For help using the connector in a flow, see Creating an authentication flow in the PingOne DaVinci documentation.

Capabilities

Find User

Find a user by identifier.

Details
Details
Properties
Custom SCIM Filter toggleSwitch
SCIM Filter textField
PingOne Attributes textFieldArrayView

Enter the PingOne attributes you want to use to find a user, such as username, userID, or email.

Identifier textField

Enter the identifier, which was captured earlier in the flow, that you want to use to find a user. For example, if the attributes specified are email and username, and the identifier is username, the system will search for users whose email or username match the value captured under username.

Return User Password Status toggleSwitch

The output will include a property named 'passwordStatus' which correlates to the user's password state status in PingOne.

Input Schema
default object
matchAttributes array uniqueItems: true
items array
type string
maxLength maxLength: 255
userIdentifierForFindUser string

User attribute to match attributes.

returnUserPasswordStatus boolean
scimFilter string

SCIM filter to match users.

Output Schema
output object
matchedUser object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
passwordStatus string
rawResponse object
headers object
statusCode integer
Find Multiple Users

Find a set of users by an identifier.

Details
Details
Properties
Custom SCIM Filter toggleSwitch
SCIM Filter textField
PingOne Attributes textFieldArrayView

Enter the PingOne attributes you want to use to find a user, such as username, userID, or email.

Identifier textField

Enter the identifier, which was captured earlier in the flow, that you want to use to find a user. For example, if the attributes specified are email and username, and the identifier is username, the system will search for users whose email or username match the value captured under username.

Input Schema
default object
matchAttributes array uniqueItems: true
items array
type string
maxLength maxLength: 255
userIdentifierForFindUser string

User attribute to match attributes.

scimFilter string

SCIM filter to match users.

Output Schema
output object
matchedUsers array
items array
type object
properties {"type":"string"}
count integer
rawResponse object
properties object
_embedded object
properties object
matchedUsers array
items array
type object
properties {"type":"string"}
count integer
headers object
statusCode integer
Check Password

Validate a user's password.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Password textField

The user's password to validate.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

password string required minLength: 1

Password

Output Schema
output object
passwordState object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
rawResponse object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
headers object
statusCode integer
Create User

Create a user with the attribute values provided.

Details
Details
Properties
Username textField required

The unique identifier for the user.

Population dropDown

The name of the population.

  • Use Population ID (Default)
Population ID textField

The unique identifier for the population.

Password textField
Given Name textField
Family Name textField
Email textField
Primary Phone textField
Mobile Phone textField
Preferred Language textField
Locale textField
Other Attributes variableInputList

Add other attributes and their values.

Lifecycle Status dropDown

Indicate whether new users must initially verify their identities through email. If they do, they will receive an email containing a verification code when their accounts are created.

  • ACCOUNT_OK (Default)
  • VERIFICATION_REQUIRED
Input Schema
default object
population string required minLength: 0 maxLength: 100

Population

populationId string minLength: 0 maxLength: 100

Population ID

given string
family string
email string
primaryPhone string
mobilePhone string
username string required
preferredLanguage string
locale string
passwordForCreateUser string
lifecycleStatus string required
Output Schema
output object
user object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
rawResponse object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
headers object
statusCode integer
Read User

Find user information.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

Output Schema
output object
user object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
rawResponse object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
headers object
statusCode integer
Update User

Update user attributes.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Username textField required

The unique identifier for the user.

Given Name textField
Family Name textField
Email textField
Primary Phone textField
Mobile Phone textField
Preferred Language textField
Locale textField
Other Attributes variableInputList

Add other attributes and their values.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

given string
family string
email string
primaryPhone string
mobilePhone string
username string required
preferredLanguage string
locale string
Output Schema
output object
user object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
rawResponse object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
headers object
statusCode integer
Delete User

Delete users.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

Output Schema
output object
rawResponse object
headers object
statusCode integer
Update User Status

Enable or disable user accounts.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Enable User toggleSwitch

Enable or disable the user's account.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

enabled boolean required

Enable Status Of User

Output Schema
output object
user object
properties object
enabled boolean
rawResponse object
properties object
enabled boolean
headers object
statusCode integer
Send Email Verification Code

Send a verification code to the user that can be used to verify their email.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

Output Schema
output object
user object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
rawResponse object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
headers object
statusCode integer
Validate Verification Code

Verifies the provided code that was sent to a user's email during account creation.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Verification Code textField

The code emailed to the user to verify their email address.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

verificationCode string required minLength: 0 maxLength: 100

Code to verify a user's account

Output Schema
output object
user object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
rawResponse object
headers object
statusCode integer
Send Password Recovery Code

Send recovery codes to users' email addresses to recover forgotten passwords.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

Output Schema
output object
passwordState object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
rawResponse object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
headers object
statusCode integer
Validate Password Recovery Code

Validate recovery codes and allow users to reset their passwords.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Recovery Code textField

The code to validate.

New Password textField

The user's new password.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

recoveryCode string required
newPassword string required minLength: 1
Output Schema
output object
passwordState object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
rawResponse object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
headers object
statusCode integer
Change Password

Change a user's password to a new password using their current password for validation.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Current Password textField

The user's current password.

New Password textField

The user's new password.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

newPassword string required minLength: 1
currentPassword string minLength: 1
Output Schema
output object
passwordState object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
rawResponse object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
headers object
statusCode integer
Set Password

Set a user's password, optionally forcing the user to change password at next login.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Password Value textField

The user's new password, which can be in a cleartext or pre-encoded format.

Force Change Password toggleSwitch

Indicate whether the user must change their password the next time they sign on.

Bypass PingOne Password Policy toggleSwitch

Indicate whether the password policy used to authenticate the user's population should be ignored.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

passwordValue string required minLength: 1
forceChange boolean
bypassPolicy boolean
Output Schema
output object
passwordState object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
rawResponse object
properties object
environment object
properties object
id string
user object
properties object
id string
passwordPolicy object
properties object
id string
warnings object
properties object
expires string
noChangeUntil string
failuresRemaining number
status string
lastChangedAt string
headers object
statusCode integer

Create an account link for a user.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

External ID textField

ID of a user at an identity provider.

Identity Provider dropDown

The name of the PingOne Identity Provider.

  • Use Identity Provider ID (Default)
Identity Provider ID textField

ID of the PingOne Identity Provider.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

identityProvider string required minLength: 0 maxLength: 100

The id of the identity provider the account link is for

identityProviderId string minLength: 0 maxLength: 100

The id of the identity provider the account link is for

externalId string required minLength: 0 maxLength: 3000

The id of the account at the identity provider

Output Schema
output object
id string
environment object
properties object
id string
identityProvider object
properties object
id string
user object
properties object
id string
externalId string

Reads account links for a user

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

Output Schema
output object
linkedAccounts array
items array
type object
properties
rawResponse object
properties object
_embedded object
properties object
linkedAccounts array
items array
type object
properties
count number
size number
headers object
statusCode integer

Delete a users account link

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Account link ID textField

ID of the account link.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

accountLinkId string required minLength: 0 maxLength: 100

Account link ID

Output Schema
output object
headers object
statusCode integer
Check User Agreement

Indicate whether users need to accept or sign agreements before proceeding.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Agreement dropDown

The name of the agreement.

  • Use Agreement ID (Default)
Agreement ID textField

A unique identifier for the agreement the user has accepted or signed.

Accept Language textField

The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

agreementId string minLength: 0 maxLength: 100

Agreement ID

acceptLanguage string minLength: 0 maxLength: 100

BCP 47 Language tag used as Accept-Language header

Output Schema
output object
agreementPresentation object
properties object
agreementPresentationId string
agreementText string
agreementTitle string
agreementAcceptCheckboxText string
agreementContinueButtonText string
agreementDeclineButtonText string
userAgreement object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
rawResponse object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
headers object
statusCode integer
Read User Agreements

Find information about agreements users have accepted or signed.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Accept Language textField

The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

acceptLanguage string minLength: 0 maxLength: 100

BCP 47 Language tag used as Accept-Language header

Output Schema
output object
userAgreements array
items array
type object
properties
rawResponse object
properties object
_embedded object
properties object
userAgreements array
items array
type object
properties
count number
size number
headers object
statusCode integer
Revoke User Agreement

Revoke agreements users have accepted or signed.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Agreement dropDown

The name of the agreement.

  • Use Agreement ID (Default)
Agreement ID textField

A unique identifier for the agreement the user has accepted or signed.

Accept Language textField

The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

agreementId string minLength: 0 maxLength: 100

Agreement ID

acceptLanguage string minLength: 0 maxLength: 100

BCP 47 Language tag used as Accept-Language header

Output Schema
output object
userAgreement object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
rawResponse object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
headers object
statusCode integer
Accept User Agreement

Accept user agreements.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Agreement Presentation ID textField

The unique identifier for the agreement information to ensure the correct agreement revision and language is being accepted.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

agreementPresentationId string required

Read User Agreement and Read Agreement capabilities generate this id in their agreement presentation output.

Output Schema
output object
userAgreement object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
rawResponse object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
headers object
statusCode integer
Read Agreement Content

Find information about the agreement content.

Details
Details
Properties
Agreement dropDown

The name of the agreement.

  • Use Agreement ID (Default)
Agreement ID textField

A unique identifier for the agreement the user has accepted or signed.

Accept Language textField

The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".

User Locale textField

The user's location, which determines the language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".

Input Schema
default object
agreementId string minLength: 0 maxLength: 100

Agreement ID

acceptLanguage string minLength: 0 maxLength: 100

BCP 47 Language tag used as Accept-Language header

userLocale string minLength: 0 maxLength: 100

User Locale

Output Schema
output object
agreementPresentation object
properties object
agreementPresentationId string
agreementText string
agreementTitle string
agreementAcceptCheckboxText string
agreementContinueButtonText string
agreementDeclineButtonText string
userAgreement object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
rawResponse object
properties object
_embedded object
properties object
agreement object
properties object
id string
name string
environment object
properties object
id string
reconsentPeriodDays number
totalConsents number
totalExpiredConsents number
consentsAggregatedAt string
enabled boolean
revision object
properties object
id string
environment object
properties object
id string
effectiveAt string
contentType string
requireReconsent boolean
language object
properties object
userExperience object
properties object
acceptCheckboxText string
continueButtonText string
declineButtonText string
id string
environment object
properties object
id string
displayName string
locale string
enabled boolean
lastConsent object
properties object
id string
expiresAt string
revision object
properties object
id string
language object
properties object
id string
id string
environment object
properties object
id string
user object
properties object
id string
status string
headers object
statusCode integer
Read Population

Find population information.

Details
Details
Properties
Population dropDown

The name of the population.

  • Use Population ID (Default)
Population ID textField

The unique identifier for the population.

Input Schema
default object
population string required minLength: 0 maxLength: 100

Population

populationId string minLength: 0 maxLength: 100

Population ID

Output Schema
output object
population object
properties object
id string
name string
description string
userCount number
createdAt string
updatedAt string
passwordPolicy object
properties object
id string
rawResponse object
properties object
id string
name string
description string
userCount number
createdAt string
updatedAt string
passwordPolicy object
properties object
id string
headers object
statusCode integer
Read User Group Memberships

Find information about the groups to which users belong.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

Output Schema
output object
groupMemberships array
items array
type object
properties {"type":"string"}
rawResponse object
properties object
_embedded object
properties object
groupMemberships array
items array
type object
properties {"type":"string"}
count number
size number
headers object
statusCode integer
Create User Group Membership

Add a user to a group.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Group dropDown

The name of the group.

  • Use Group ID (Default)
Group ID textField

The unique identifier for the group.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

groupId string minLength: 0 maxLength: 100

Group ID

groupName string
description string
externalId string
userFilter string

SCIM filter for users

memberGroupRelationship boolean
Output Schema
output object
groupMembership object
properties object
id string
name string
population object
properties object
id string
type string
rawResponse object
properties object
groupMembership object
properties object
id string
name string
population object
properties object
id string
type string
headers object
statusCode integer
Delete User Group Membership

Remove a user from a group.

Details
Details
Properties
PingOne Attribute dropDown

Select the attribute that you want to match against the provided identifier to find a user.

  • User ID (Default)
  • Username
  • Email
Identifier textField

Enter the User ID, Username, or Email address of the user that you want to find.

Group dropDown

The name of the group.

  • Use Group ID (Default)
Group ID textField

The unique identifier for the group.

Input Schema
default object
matchAttribute string required

PingOne user attribute to identify a user with.

identifier string required

User attribute to match attributes.

groupId string minLength: 0 maxLength: 100

Group ID

groupName string
description string
externalId string
userFilter string

SCIM filter for users

memberGroupRelationship boolean
Output Schema
output object
rawResponse object
headers object
statusCode integer
Migrate User through Gateway

Validate a user's credentials and, if valid, migrate the user from a PingOne gateway to PingOne.

Details
Details
Properties
Username textField required

The user's unique identifier in the PingOne gateway.

Password textField required

The user's password in the PingOne gateway.

Gateway User Type List variableInputList required

The gateway and user type to target when validating the user's credentials. These values are based on the gateways configured in your PingOne environment.

Input Schema
default object
usernameGateway string required

The user's unique identifier in the PingOne gateway.

passwordGateway string required minLength: 4 maxLength: 100

The user's password in the PingOne gateway.

gatewayUserTypeList array required minItems: 1 maxItems: 5

The gateway and user type to target when validating the user's credentials. These values are based on the gateways configured in your PingOne environment.

Output Schema
output object
rawResponse object
headers object
statusCode integer
Create Group

Create a user group.

Details
Details
Properties
Group Name textField required

The name of the group.

Group Description textArea

The description of the group.

Dynamic User Filter textField

A filter to automatically assign users to the group.

Population dropDown

The name of the population.

  • Use Population ID (Default)
Population ID textField

The unique identifier for the population.

Input Schema
default object
groupId string
groupName string required
description string
externalId string
userFilter string

SCIM filter for users

memberGroupRelationship boolean
Output Schema
output object
group object
properties object
_embedded object
properties object
id string
environment object
properties object
id string
population object
properties object
id string
name string
description string
isExternal string
externalId string
userFilter string
createdAt string
updatedAt string
rawResponse object
properties object
_embedded object
properties object
id string
environment object
properties object
id string
population object
properties object
id string
name string
description string
isExternal string
externalId string
userFilter string
createdAt string
updatedAt string
headers object
statusCode integer
Read Group

Read a user group.

Details
Details
Properties
Group ID textField

The unique identifier for the group.

Input Schema
default object
groupId string required minLength: 0 maxLength: 100

Group ID

Output Schema
output object
group object
properties object
_embedded object
properties object
id string
environment object
properties object
id string
population object
properties object
id string
name string
description string
isExternal string
externalId string
userFilter string
createdAt string
updatedAt string
rawResponse object
properties object
_embedded object
properties object
id string
environment object
properties object
id string
population object
properties object
id string
name string
description string
isExternal string
externalId string
userFilter string
createdAt string
updatedAt string
headers object
statusCode integer
Update Group

Update a user group.

Details
Details
Properties
Group ID textField

The unique identifier for the group.

Group Name textField required

The name of the group.

Group Description textArea

The description of the group.

Dynamic User Filter textField

A filter to automatically assign users to the group.

Input Schema
default object
groupId string required
groupName string required
description string
externalId string
userFilter string

SCIM filter for users

memberGroupRelationship boolean
Output Schema
output object
group object
properties object
_embedded object
properties object
id string
environment object
properties object
id string
population object
properties object
id string
name string
description string
isExternal string
externalId string
userFilter string
createdAt string
updatedAt string
rawResponse object
properties object
_embedded object
properties object
id string
environment object
properties object
id string
population object
properties object
id string
name string
description string
isExternal string
externalId string
userFilter string
createdAt string
updatedAt string
headers object
statusCode integer
Delete Group

Delete a user group.

Details
Details
Properties
Group ID textField

The unique identifier for the group.

Input Schema
default object
groupId string required minLength: 0 maxLength: 100

Group ID

Output Schema
output object
rawResponse object
headers object
statusCode integer
Read Group Members

Read up to 100 members of a group.

Details
Details
Properties
Group ID textField

The unique identifier for the group.

PingOne Attributes textFieldArrayView

Enter the PingOne attributes you want to use to find a user, such as username, userID, or email.

Identifier textField

Enter the identifier, which was captured earlier in the flow, that you want to use to find a user. For example, if the attributes specified are email and username, and the identifier is username, the system will search for users whose email or username match the value captured under username.

Direct Member Relationship toggleSwitch

The output will only include members that are directly assigned to the group, instead of including any members assigned by a filter.

Input Schema
default object
groupId string required minLength: 0 maxLength: 100

Group ID

Output Schema
output object
matchedUsers array
items array
type object
properties {"type":"string"}
count integer
rawResponse object
properties object
_embedded object
properties object
matchedUsers array
items array
type object
properties {"type":"string"}
count integer
headers object
statusCode integer
Authenticate User via Kerberos

Authenticate Active Directory users seamlessly via the Kerberos protocol.

Details
Details
Properties
Gateway dropDown required

Select the gateway that connects to the Active Directory servers where the users are located.

User Type dropDown required

Select the user type through which the users can be found.

Default:

useUserTypeId
Create PingOne User toggleSwitch

When enabled, DaVinci creates a PingOne user account using attributes from Active Directory. Disable this to support a legacy integration where DaVinci is configured as an External IdP in PingOne.

Input Schema
default object
gatewayId string required

Gateway Id

userTypeId string required

User Type ID

createUserIfNotFound boolean
Output Schema
output object
user object
properties object
id string
username string
environment object
properties object
id string
population object
properties object
id string
rawResponse object
statusCode number
headers object
Unlock User

Unlock a user by their user ID.

Details
Details
Properties
User ID textField

ID of the User.

Input Schema
default object
userId string required
Output Schema
output object
user object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
rawResponse object
properties object
preferredLanguage string
timezone string
lastSignOn object
properties object
at string
remoteIp string
title string
type string
locale string
enabled boolean
identityProvider object
properties object
id string
type string
lifecycle object
properties object
status string
createdAt string
verifyStatus string
nickname string
mfaEnabled boolean
id string
email string
emailVerified boolean
updatedAt string
memberOfGroupIDs string
address object
properties object
streetAddress string
locality string
region string
postalCode string
countryCode string
externalId string
photo object
properties object
href string
memberOfGroupNames string
population object
properties object
id string
primaryPhone string
accountId string
mobilePhone string
name object
properties object
formatted string
given string
middle string
family string
honorificPrefix string
honorificSuffix string
account object
properties object
canAuthenticate boolean
status string
lockedAt string
secondsUntilUnlock string
unlockAt string
username string
headers object
statusCode integer