Use the PingOne DaVinci connector to add PingOne functionality for your DaVinci flow.
The PingOne connector has capabilities that you can tie together to achieve your desired outcome. The connector acts like a worker application with each capability calling one or more endpoints in PingOne using your application for authentication.
You can use the PingOne connector to:
- Create a sign-on flow for authentication
- Reset a user's password
- Register new users in the PingOne user store
- Unlock a locked user account
- Create, edit, and delete users in the PingOne user store
- Verify a user's email address
- View a user's population
- Manage a user's group memberships
- Manage user groups
- View agreements and consents for a user
- Migrate users from an LDAP datastore to PingOne
- Authenticate users through Kerberos
Setup
Resources
For information and setup help, see the following sections of the PingOne documentation:
Requirements
To use the connector, you'll need:
- A PingOne license (Try PingOne for free)
- A PingOne environment with a configured Worker app
Setting up PingOne
Setting up your PingOne environment
Adding a Worker application
Add a Worker application in the PingOne console before setting up the PingOne connector in DaVinci.
- In the PingOne console,
add a Worker app. See Adding an application. Note:
Attribute mappings are not required.
- Ensure that you set the authentication method as Client secret
basic.
The PingOne connector receives a token using your application’s credentials.
- Enable the application. See Enabling or disabling an application.
The capabilities in the PingOne connector call endpoints in PingOne with a token received using the application’s credentials. To enable all capabilities, your application needs the required role assignments for the associated capability. If the application doesn't have the required role assignment, you'll see error messages stating that the required authorization isn't configured.
Assigning Roles to the application
To use the appropriate capabilities, the Worker app used by the connector needs the Environment Admin and Identity Data Admin roles.
The user that creates the Worker app must have the Environment Admin and Identity Data Admin roles to assign the roles to a Worker app.
- In your PingOne environment, go
to Applications > Applications.
If you haven't added the application yet, see Adding an application.
- Locate the appropriate application and click it to open the details panel.
- Click the Roles tab and then click the Pencil icon to edit the roles.
- Review the assigned roles to ensure that they include Environment Admin and Identity Data Admin roles. If not, click + Add role to assign them.
Getting your application credentials
Get the Client ID and Client secret from the PingOne console before setting up the PingOne connector in DaVinci.
- In your PingOne
environment, go to Applications > Applications.
If you haven't added the application yet, see Adding an application.
- Locate the appropriate application and click it to open the details panel.
- On the Configuration tab, expand General and locate the Client ID and Client secret. Copy these values to a secure location.
Getting your environment details
Get your Environment ID and Region before setting up the PingOne connector in DaVinci.
- In your PingOne environment, go to Settings > Environment Properties.
- Locate the Environment ID and Region. Copy these values to a secure location.
Setting up the PingOne connector configuration
In DaVinci, add a PingOne connection. For help, see Adding a connector.
Connector configuration
Environment ID
Client ID
Client secret
Region
Using the connector in a flow
You can use sample flows as a starting point or create your own flows to satisfy your requirements. The following section shows some popular sample flows. Open the Flow Library to see them all.
Authenticating users and resetting passwords
Use this flow to create authentication flows that include the ability for users to reset or recover their passwords.
Search for PingOne - Sign On and Password Reset in the Flow Library
For help, see the Creating an authentication flow guide.
Registering users and setting up MFA
Use this flow to create registration flows with optional user enrollment to MFA.
Search for PingOne - Register with verify email and MFA enrollment in the Flow Library
For help, see the Creating an authentication flow guide.
Authenticating users with Risk and MFA
Use this flow to create sign-on flows that include a password check and a conditional step-up to second-factor authentication using PingOne Risk.
Search for PingOne - Sign On and Adaptive MFA in the Flow Library
For help, see the Creating an authentication flow guide.
Registering users with agreements and verifying email
Use this flow to create registration flows that include email address verification and agreement consent.
Search for PingOne - Register with Agreements and Verify Email in the Flow Library
For help, see the Creating an authentication flow guide.
Registering users and verifying email
Use this flow to create registration flows that include email address verification.
Search for PingOne - Register with Verify Email in the Flow Library
For help, see the Creating an authentication flow guide.
Managing group memberships
The connector has several capabilities that allow you to manage the groups that a user belongs to in PingOne:
- Read User Group Membership
- Create User Group Membership
- Delete User Group Membership
No special flow configuration is needed. Add the capability that you want and populate its properties according to the help text.
Managing user groups
The connector has several capabilities that allow you to manage groups.
- Create Group
- Create a new user group in PingOne. Only the Group Name is required.
- Read Group
- Read a user group. Only the Group ID is required.
- Update Group
- Update an existing user group with the supplied information. The Group ID is required to verify the group exists and the Group Name is required only when updating a group.
- Delete Group
- Delete a specified group. Only the Group ID is required.
- Read Group Members
- Read up to 100 users within a group. The list is filterable by match attributes and an identifier. Only the Group ID is required.
No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.
Migrating users from an external directory to PingOne
The connector allows you to use your existing authentication flow to migrate users to the PingOne user store from an external directory.
For help setting up a directory as a gateway in PingOne, see Gateways and Adding a gateway.
In your authentication flow, add the PingOne connector with the Migrate User Through Gateway capability. This capability validates the user's credentials against the directory for authentication, then migrates the user account to PingOne.
The Gateway User Type List property allows you to filter by specific gateways and user types.
Authenticate users via Kerberos
Use this capability to use Kerberos to seamlessly authenticate users who have user records in an on-premises Microsoft Active Directory.
In the flow example below, a user is authenticated using Kerberos when the user does not have a session.
The example flow contains the following nodes:
The PingOne Authentication
node checks if the user has a session in
PingOne.
PingOne
node authenticates the user via Kerberos if the user
does not have a session and evaluates as follows:- Successful: The
PingOne Authentication
node returns a success response. - Failure: The
Username/Password Form
node asks for the user’s username and password and the flow continues to theButton Pressed
node. The user has the options to press:- Submit: The user submits login and the flow continues to the
Sign In
node, theUser Lookup
node, andPingOne node
where a user migrates through a gateway and lastly continues on to theCheck Password
node. - Forgot Password: Flow continues to
Forgot Password
node. - No match: Flow continues to the
An Unexpected Error
node where a custom error message is displayed.
- Submit: The user submits login and the flow continues to the
For help using the connector in a flow, see Creating an authentication flow in the PingOne DaVinci documentation.
Capabilities
- Find User
-
Find a user by identifier.
Details- Details
-
- Properties
-
-
Custom SCIM Filter
toggleSwitch
-
SCIM Filter
textField
-
PingOne Attributes
textFieldArrayView
-
Enter the PingOne attributes you want to use to find a user, such as username, userID, or email.
-
Identifier
textField
-
Enter the identifier, which was captured earlier in the flow, that you want to use to find a user. For example, if the attributes specified are email and username, and the identifier is username, the system will search for users whose email or username match the value captured under username.
-
Return User Password Status
toggleSwitch
-
The output will include a property named 'passwordStatus' which correlates to the user's password state status in PingOne.
-
Custom SCIM Filter
- Input Schema
-
-
default
object
-
-
matchAttributes
array
uniqueItems: true
-
items
array
-
-
type
string
-
maxLength
maxLength: 255
-
type
-
userIdentifierForFindUser
string
-
User attribute to match attributes.
-
returnUserPasswordStatus
boolean
-
scimFilter
string
-
SCIM filter to match users.
-
matchAttributes
-
default
- Output Schema
-
-
output
object
-
-
matchedUser
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
passwordStatus
string
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
matchedUser
-
output
- Find Multiple Users
-
Find a set of users by an identifier.
Details- Details
-
- Properties
-
-
Custom SCIM Filter
toggleSwitch
-
SCIM Filter
textField
-
PingOne Attributes
textFieldArrayView
-
Enter the PingOne attributes you want to use to find a user, such as username, userID, or email.
-
Identifier
textField
-
Enter the identifier, which was captured earlier in the flow, that you want to use to find a user. For example, if the attributes specified are email and username, and the identifier is username, the system will search for users whose email or username match the value captured under username.
-
Custom SCIM Filter
- Input Schema
-
-
default
object
-
-
matchAttributes
array
uniqueItems: true
-
items
array
-
-
type
string
-
maxLength
maxLength: 255
-
type
-
userIdentifierForFindUser
string
-
User attribute to match attributes.
-
scimFilter
string
-
SCIM filter to match users.
-
matchAttributes
-
default
- Output Schema
-
-
output
object
-
-
matchedUsers
array
-
items
array
-
-
type
object
-
properties
{"type":"string"}
-
type
-
count
integer
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
matchedUsers
array
-
items
array
-
-
type
object
-
properties
{"type":"string"}
-
type
-
count
integer
-
matchedUsers
-
_embedded
-
headers
object
-
statusCode
integer
-
matchedUsers
-
output
- Check Password
-
Validate a user's password.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Password
textField
-
The user's password to validate.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
password
string
required
minLength: 1
-
Password
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
passwordState
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
rawResponse
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
headers
object
-
statusCode
integer
-
passwordState
-
output
- Create User
-
Create a user with the attribute values provided.
Details- Details
-
- Properties
-
-
Username
textField
required
-
The unique identifier for the user.
-
Population
dropDown
-
The name of the population.
- Use Population ID (Default)
-
Population ID
textField
-
The unique identifier for the population.
-
Password
textField
-
Given Name
textField
-
Family Name
textField
-
Email
textField
-
Primary Phone
textField
-
Mobile Phone
textField
-
Preferred Language
textField
-
Locale
textField
-
Other Attributes
variableInputList
-
Add other attributes and their values.
-
Lifecycle Status
dropDown
-
Indicate whether new users must initially verify their identities through email. If they do, they will receive an email containing a verification code when their accounts are created.
- ACCOUNT_OK (Default)
- VERIFICATION_REQUIRED
-
Username
- Input Schema
-
-
default
object
-
-
population
string
required
minLength: 0
maxLength: 100
-
Population
-
populationId
string
minLength: 0
maxLength: 100
-
Population ID
-
given
string
-
family
string
-
email
string
-
primaryPhone
string
-
mobilePhone
string
-
username
string
required
-
preferredLanguage
string
-
locale
string
-
passwordForCreateUser
string
-
lifecycleStatus
string
required
-
population
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
rawResponse
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
headers
object
-
statusCode
integer
-
user
-
output
- Read User
-
Find user information.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
rawResponse
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
headers
object
-
statusCode
integer
-
user
-
output
- Update User
-
Update user attributes.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Username
textField
required
-
The unique identifier for the user.
-
Given Name
textField
-
Family Name
textField
-
Email
textField
-
Primary Phone
textField
-
Mobile Phone
textField
-
Preferred Language
textField
-
Locale
textField
-
Other Attributes
variableInputList
-
Add other attributes and their values.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
given
string
-
family
string
-
email
string
-
primaryPhone
string
-
mobilePhone
string
-
username
string
required
-
preferredLanguage
string
-
locale
string
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
rawResponse
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
headers
object
-
statusCode
integer
-
user
-
output
- Delete User
-
Delete users.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Update User Status
-
Enable or disable user accounts.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Enable User
toggleSwitch
-
Enable or disable the user's account.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
enabled
boolean
required
-
Enable Status Of User
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
enabled
boolean
-
enabled
-
rawResponse
object
-
properties
object
-
-
enabled
boolean
-
enabled
-
headers
object
-
statusCode
integer
-
user
-
output
- Send Email Verification Code
-
Send a verification code to the user that can be used to verify their email.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
rawResponse
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
headers
object
-
statusCode
integer
-
user
-
output
- Validate Verification Code
-
Verifies the provided code that was sent to a user's email during account creation.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Verification Code
textField
-
The code emailed to the user to verify their email address.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
verificationCode
string
required
minLength: 0
maxLength: 100
-
Code to verify a user's account
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
user
-
output
- Send Password Recovery Code
-
Send recovery codes to users' email addresses to recover forgotten passwords.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
passwordState
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
rawResponse
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
headers
object
-
statusCode
integer
-
passwordState
-
output
- Validate Password Recovery Code
-
Validate recovery codes and allow users to reset their passwords.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Recovery Code
textField
-
The code to validate.
-
New Password
textField
-
The user's new password.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
recoveryCode
string
required
-
newPassword
string
required
minLength: 1
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
passwordState
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
rawResponse
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
headers
object
-
statusCode
integer
-
passwordState
-
output
- Change Password
-
Change a user's password to a new password using their current password for validation.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Current Password
textField
-
The user's current password.
-
New Password
textField
-
The user's new password.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
newPassword
string
required
minLength: 1
-
currentPassword
string
minLength: 1
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
passwordState
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
rawResponse
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
headers
object
-
statusCode
integer
-
passwordState
-
output
- Set Password
-
Set a user's password, optionally forcing the user to change password at next login.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Password Value
textField
-
The user's new password, which can be in a cleartext or pre-encoded format.
-
Force Change Password
toggleSwitch
-
Indicate whether the user must change their password the next time they sign on.
-
Bypass PingOne Password Policy
toggleSwitch
-
Indicate whether the password policy used to authenticate the user's population should be ignored.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
passwordValue
string
required
minLength: 1
-
forceChange
boolean
-
bypassPolicy
boolean
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
passwordState
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
rawResponse
object
-
properties
object
-
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
warnings
object
-
properties
object
-
-
expires
string
-
noChangeUntil
string
-
failuresRemaining
number
-
expires
-
status
string
-
lastChangedAt
string
-
environment
-
headers
object
-
statusCode
integer
-
passwordState
-
output
- Create Account Link
-
Create an account link for a user.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
External ID
textField
-
ID of a user at an identity provider.
-
Identity Provider
dropDown
-
The name of the PingOne Identity Provider.
- Use Identity Provider ID (Default)
-
Identity Provider ID
textField
-
ID of the PingOne Identity Provider.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
identityProvider
string
required
minLength: 0
maxLength: 100
-
The id of the identity provider the account link is for
-
identityProviderId
string
minLength: 0
maxLength: 100
-
The id of the identity provider the account link is for
-
externalId
string
required
minLength: 0
maxLength: 3000
-
The id of the account at the identity provider
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
identityProvider
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
externalId
string
-
id
-
output
- Read Account Links
-
Reads account links for a user
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
linkedAccounts
array
-
items
array
-
-
type
object
- properties
-
type
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
linkedAccounts
array
-
items
array
-
-
type
object
- properties
-
type
-
linkedAccounts
-
count
number
-
size
number
-
_embedded
-
headers
object
-
statusCode
integer
-
linkedAccounts
-
output
- Delete Account Link
-
Delete a users account link
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Account link ID
textField
-
ID of the account link.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
accountLinkId
string
required
minLength: 0
maxLength: 100
-
Account link ID
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
headers
object
-
statusCode
integer
-
headers
-
output
- Check User Agreement
-
Indicate whether users need to accept or sign agreements before proceeding.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Agreement
dropDown
-
The name of the agreement.
- Use Agreement ID (Default)
-
Agreement ID
textField
-
A unique identifier for the agreement the user has accepted or signed.
-
Accept Language
textField
-
The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
agreementId
string
minLength: 0
maxLength: 100
-
Agreement ID
-
acceptLanguage
string
minLength: 0
maxLength: 100
-
BCP 47 Language tag used as Accept-Language header
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
agreementPresentation
object
-
properties
object
-
-
agreementPresentationId
string
-
agreementText
string
-
agreementTitle
string
-
agreementAcceptCheckboxText
string
-
agreementContinueButtonText
string
-
agreementDeclineButtonText
string
-
agreementPresentationId
-
userAgreement
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
headers
object
-
statusCode
integer
-
agreementPresentation
-
output
- Read User Agreements
-
Find information about agreements users have accepted or signed.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Accept Language
textField
-
The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
acceptLanguage
string
minLength: 0
maxLength: 100
-
BCP 47 Language tag used as Accept-Language header
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
userAgreements
array
-
items
array
-
-
type
object
- properties
-
type
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
userAgreements
array
-
items
array
-
-
type
object
- properties
-
type
-
userAgreements
-
count
number
-
size
number
-
_embedded
-
headers
object
-
statusCode
integer
-
userAgreements
-
output
- Revoke User Agreement
-
Revoke agreements users have accepted or signed.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Agreement
dropDown
-
The name of the agreement.
- Use Agreement ID (Default)
-
Agreement ID
textField
-
A unique identifier for the agreement the user has accepted or signed.
-
Accept Language
textField
-
The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
agreementId
string
minLength: 0
maxLength: 100
-
Agreement ID
-
acceptLanguage
string
minLength: 0
maxLength: 100
-
BCP 47 Language tag used as Accept-Language header
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
userAgreement
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
headers
object
-
statusCode
integer
-
userAgreement
-
output
- Accept User Agreement
-
Accept user agreements.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Agreement Presentation ID
textField
-
The unique identifier for the agreement information to ensure the correct agreement revision and language is being accepted.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
agreementPresentationId
string
required
-
Read User Agreement and Read Agreement capabilities generate this id in their agreement presentation output.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
userAgreement
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
headers
object
-
statusCode
integer
-
userAgreement
-
output
- Read Agreement Content
-
Find information about the agreement content.
Details- Details
-
- Properties
-
-
Agreement
dropDown
-
The name of the agreement.
- Use Agreement ID (Default)
-
Agreement ID
textField
-
A unique identifier for the agreement the user has accepted or signed.
-
Accept Language
textField
-
The language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".
-
User Locale
textField
-
The user's location, which determines the language in which the agreement is written and indicated by an IEFT BCP 47 language tag, such as "en-US" or "az-Arab".
-
Agreement
- Input Schema
-
-
default
object
-
-
agreementId
string
minLength: 0
maxLength: 100
-
Agreement ID
-
acceptLanguage
string
minLength: 0
maxLength: 100
-
BCP 47 Language tag used as Accept-Language header
-
userLocale
string
minLength: 0
maxLength: 100
-
User Locale
-
agreementId
-
default
- Output Schema
-
-
output
object
-
-
agreementPresentation
object
-
properties
object
-
-
agreementPresentationId
string
-
agreementText
string
-
agreementTitle
string
-
agreementAcceptCheckboxText
string
-
agreementContinueButtonText
string
-
agreementDeclineButtonText
string
-
agreementPresentationId
-
userAgreement
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
agreement
object
-
properties
object
-
-
id
string
-
name
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
reconsentPeriodDays
number
-
totalConsents
number
-
totalExpiredConsents
number
-
consentsAggregatedAt
string
-
enabled
boolean
-
id
-
revision
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
effectiveAt
string
-
contentType
string
-
requireReconsent
boolean
-
id
-
language
object
-
properties
object
-
-
userExperience
object
-
properties
object
-
-
acceptCheckboxText
string
-
continueButtonText
string
-
declineButtonText
string
-
acceptCheckboxText
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
displayName
string
-
locale
string
-
enabled
boolean
-
userExperience
-
agreement
-
lastConsent
object
-
properties
object
-
-
id
string
-
expiresAt
string
-
revision
object
-
properties
object
-
-
id
string
-
id
-
language
object
-
properties
object
-
-
id
string
-
id
-
id
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
user
object
-
properties
object
-
-
id
string
-
id
-
status
string
-
_embedded
-
headers
object
-
statusCode
integer
-
agreementPresentation
-
output
- Read Population
-
Find population information.
Details- Details
-
- Properties
-
-
Population
dropDown
-
The name of the population.
- Use Population ID (Default)
-
Population ID
textField
-
The unique identifier for the population.
-
Population
- Input Schema
-
-
default
object
-
-
population
string
required
minLength: 0
maxLength: 100
-
Population
-
populationId
string
minLength: 0
maxLength: 100
-
Population ID
-
population
-
default
- Output Schema
-
-
output
object
-
-
population
object
-
properties
object
-
-
id
string
-
name
string
-
description
string
-
userCount
number
-
createdAt
string
-
updatedAt
string
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
id
-
rawResponse
object
-
properties
object
-
-
id
string
-
name
string
-
description
string
-
userCount
number
-
createdAt
string
-
updatedAt
string
-
passwordPolicy
object
-
properties
object
-
-
id
string
-
id
-
id
-
headers
object
-
statusCode
integer
-
population
-
output
- Read User Group Memberships
-
Find information about the groups to which users belong.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
groupMemberships
array
-
items
array
-
-
type
object
-
properties
{"type":"string"}
-
type
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
groupMemberships
array
-
items
array
-
-
type
object
-
properties
{"type":"string"}
-
type
-
groupMemberships
-
count
number
-
size
number
-
_embedded
-
headers
object
-
statusCode
integer
-
groupMemberships
-
output
- Create User Group Membership
-
Add a user to a group.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Group
dropDown
-
The name of the group.
- Use Group ID (Default)
-
Group ID
textField
-
The unique identifier for the group.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
groupId
string
minLength: 0
maxLength: 100
-
Group ID
-
groupName
string
-
description
string
-
externalId
string
-
userFilter
string
-
SCIM filter for users
-
memberGroupRelationship
boolean
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
groupMembership
object
-
properties
object
-
-
id
string
-
name
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
type
string
-
id
-
rawResponse
object
-
properties
object
-
-
groupMembership
object
-
properties
object
-
-
id
string
-
name
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
type
string
-
id
-
groupMembership
-
headers
object
-
statusCode
integer
-
groupMembership
-
output
- Delete User Group Membership
-
Remove a user from a group.
Details- Details
-
- Properties
-
-
PingOne Attribute
dropDown
-
Select the attribute that you want to match against the provided identifier to find a user.
- User ID (Default)
- Username
-
Identifier
textField
-
Enter the User ID, Username, or Email address of the user that you want to find.
-
Group
dropDown
-
The name of the group.
- Use Group ID (Default)
-
Group ID
textField
-
The unique identifier for the group.
-
PingOne Attribute
- Input Schema
-
-
default
object
-
-
matchAttribute
string
required
-
PingOne user attribute to identify a user with.
-
identifier
string
required
-
User attribute to match attributes.
-
groupId
string
minLength: 0
maxLength: 100
-
Group ID
-
groupName
string
-
description
string
-
externalId
string
-
userFilter
string
-
SCIM filter for users
-
memberGroupRelationship
boolean
-
matchAttribute
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Migrate User through Gateway
-
Validate a user's credentials and, if valid, migrate the user from a PingOne gateway to PingOne.
Details- Details
-
- Properties
-
-
Username
textField
required
-
The user's unique identifier in the PingOne gateway.
-
Password
textField
required
-
The user's password in the PingOne gateway.
-
Gateway User Type List
variableInputList
required
-
The gateway and user type to target when validating the user's credentials. These values are based on the gateways configured in your PingOne environment.
-
Username
- Input Schema
-
-
default
object
-
-
usernameGateway
string
required
-
The user's unique identifier in the PingOne gateway.
-
passwordGateway
string
required
minLength: 4
maxLength: 100
-
The user's password in the PingOne gateway.
-
gatewayUserTypeList
array
required
minItems: 1
maxItems: 5
-
The gateway and user type to target when validating the user's credentials. These values are based on the gateways configured in your PingOne environment.
-
usernameGateway
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Create Group
-
Create a user group.
Details- Details
-
- Properties
-
-
Group Name
textField
required
-
The name of the group.
-
Group Description
textArea
-
The description of the group.
-
Dynamic User Filter
textField
-
A filter to automatically assign users to the group.
-
Population
dropDown
-
The name of the population.
- Use Population ID (Default)
-
Population ID
textField
-
The unique identifier for the population.
-
Group Name
- Input Schema
-
-
default
object
-
-
groupId
string
-
groupName
string
required
-
description
string
-
externalId
string
-
userFilter
string
-
SCIM filter for users
-
memberGroupRelationship
boolean
-
groupId
-
default
- Output Schema
-
-
output
object
-
-
group
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
name
string
-
description
string
-
isExternal
string
-
externalId
string
-
userFilter
string
-
createdAt
string
-
updatedAt
string
-
id
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
name
string
-
description
string
-
isExternal
string
-
externalId
string
-
userFilter
string
-
createdAt
string
-
updatedAt
string
-
id
-
_embedded
-
headers
object
-
statusCode
integer
-
group
-
output
- Read Group
-
Read a user group.
Details- Details
-
- Properties
-
-
Group ID
textField
-
The unique identifier for the group.
-
Group ID
- Input Schema
-
-
default
object
-
-
groupId
string
required
minLength: 0
maxLength: 100
-
Group ID
-
groupId
-
default
- Output Schema
-
-
output
object
-
-
group
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
name
string
-
description
string
-
isExternal
string
-
externalId
string
-
userFilter
string
-
createdAt
string
-
updatedAt
string
-
id
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
name
string
-
description
string
-
isExternal
string
-
externalId
string
-
userFilter
string
-
createdAt
string
-
updatedAt
string
-
id
-
_embedded
-
headers
object
-
statusCode
integer
-
group
-
output
- Update Group
-
Update a user group.
Details- Details
-
- Properties
-
-
Group ID
textField
-
The unique identifier for the group.
-
Group Name
textField
required
-
The name of the group.
-
Group Description
textArea
-
The description of the group.
-
Dynamic User Filter
textField
-
A filter to automatically assign users to the group.
-
Group ID
- Input Schema
-
-
default
object
-
-
groupId
string
required
-
groupName
string
required
-
description
string
-
externalId
string
-
userFilter
string
-
SCIM filter for users
-
memberGroupRelationship
boolean
-
groupId
-
default
- Output Schema
-
-
output
object
-
-
group
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
name
string
-
description
string
-
isExternal
string
-
externalId
string
-
userFilter
string
-
createdAt
string
-
updatedAt
string
-
id
-
_embedded
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
id
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
name
string
-
description
string
-
isExternal
string
-
externalId
string
-
userFilter
string
-
createdAt
string
-
updatedAt
string
-
id
-
_embedded
-
headers
object
-
statusCode
integer
-
group
-
output
- Delete Group
-
Delete a user group.
Details- Details
-
- Properties
-
-
Group ID
textField
-
The unique identifier for the group.
-
Group ID
- Input Schema
-
-
default
object
-
-
groupId
string
required
minLength: 0
maxLength: 100
-
Group ID
-
groupId
-
default
- Output Schema
-
-
output
object
-
-
rawResponse
object
-
headers
object
-
statusCode
integer
-
rawResponse
-
output
- Read Group Members
-
Read up to 100 members of a group.
Details- Details
-
- Properties
-
-
Group ID
textField
-
The unique identifier for the group.
-
PingOne Attributes
textFieldArrayView
-
Enter the PingOne attributes you want to use to find a user, such as username, userID, or email.
-
Identifier
textField
-
Enter the identifier, which was captured earlier in the flow, that you want to use to find a user. For example, if the attributes specified are email and username, and the identifier is username, the system will search for users whose email or username match the value captured under username.
-
Direct Member Relationship
toggleSwitch
-
The output will only include members that are directly assigned to the group, instead of including any members assigned by a filter.
-
Group ID
- Input Schema
-
-
default
object
-
-
groupId
string
required
minLength: 0
maxLength: 100
-
Group ID
-
groupId
-
default
- Output Schema
-
-
output
object
-
-
matchedUsers
array
-
items
array
-
-
type
object
-
properties
{"type":"string"}
-
type
-
count
integer
-
rawResponse
object
-
properties
object
-
-
_embedded
object
-
properties
object
-
-
matchedUsers
array
-
items
array
-
-
type
object
-
properties
{"type":"string"}
-
type
-
count
integer
-
matchedUsers
-
_embedded
-
headers
object
-
statusCode
integer
-
matchedUsers
-
output
- Authenticate User via Kerberos
-
Authenticate Active Directory users seamlessly via the Kerberos protocol.
Details- Details
-
- Properties
-
-
Gateway
dropDown
required
-
Select the gateway that connects to the Active Directory servers where the users are located.
-
User Type
dropDown
required
-
Select the user type through which the users can be found.
Default:
useUserTypeId
-
Create PingOne User
toggleSwitch
-
When enabled, DaVinci creates a PingOne user account using attributes from Active Directory. Disable this to support a legacy integration where DaVinci is configured as an External IdP in PingOne.
-
Gateway
- Input Schema
-
-
default
object
-
-
gatewayId
string
required
-
Gateway Id
-
userTypeId
string
required
-
User Type ID
-
createUserIfNotFound
boolean
-
gatewayId
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
id
string
-
username
string
-
environment
object
-
properties
object
-
-
id
string
-
id
-
population
object
-
properties
object
-
-
id
string
-
id
-
id
-
rawResponse
object
-
statusCode
number
-
headers
object
-
user
-
output
- Unlock User
-
Unlock a user by their user ID.
Details- Details
-
- Properties
-
-
User ID
textField
-
ID of the User.
-
User ID
- Input Schema
-
-
default
object
-
-
userId
string
required
-
userId
-
default
- Output Schema
-
-
output
object
-
-
user
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
rawResponse
object
-
properties
object
-
-
preferredLanguage
string
-
timezone
string
-
lastSignOn
object
-
properties
object
-
-
at
string
-
remoteIp
string
-
at
-
title
string
-
type
string
-
locale
string
-
enabled
boolean
-
identityProvider
object
-
properties
object
-
-
id
string
-
type
string
-
id
-
lifecycle
object
-
properties
object
-
-
status
string
-
status
-
createdAt
string
-
verifyStatus
string
-
nickname
string
-
mfaEnabled
boolean
-
id
string
-
email
string
-
emailVerified
boolean
-
updatedAt
string
-
memberOfGroupIDs
string
-
address
object
-
properties
object
-
-
streetAddress
string
-
locality
string
-
region
string
-
postalCode
string
-
countryCode
string
-
streetAddress
-
externalId
string
-
photo
object
-
properties
object
-
-
href
string
-
href
-
memberOfGroupNames
string
-
population
object
-
properties
object
-
-
id
string
-
id
-
primaryPhone
string
-
accountId
string
-
mobilePhone
string
-
name
object
-
properties
object
-
-
formatted
string
-
given
string
-
middle
string
-
family
string
-
honorificPrefix
string
-
honorificSuffix
string
-
formatted
-
account
object
-
properties
object
-
-
canAuthenticate
boolean
-
status
string
-
lockedAt
string
-
secondsUntilUnlock
string
-
unlockAt
string
-
canAuthenticate
-
username
string
-
preferredLanguage
-
headers
object
-
statusCode
integer
-
user
-
output