PingOne DaVinci

Using connectors securely

While Ping Identity provides many proprietary integrations for PingOne DaVinci, some connectors work with third-party services. You should review the security best practices documentation for those services.

Some general security best practices to consider when using third-party connectors in your DaVinci flow are:

  • When passing any secrets, keys, or passwords as output variables through the HTTP connector, mark them as Secure in the connector configuration.

  • The account with the third-party service or on-premise resource should follow the principle of least privilege and only be granted the permissions necessary to perform the actions required by the connector.

  • Whenever using custom JavaScript, HTML, or CSS in a DaVinci connector, you should follow general secure coding guidelines to avoid the introduction of any security vulnerabilities, privacy violations, or other unintended behavior.

Changing the logging level

Some connectors can process a user’s personally identifiable information (PII) such as name, address, email, and birthdate. To prevent inadvertent logging of any sensitive user data, you should not enable debug logging in any production-level flows that use connectors that can process PII.

About this task

To view and change the logging level for your DaVinci flow:

Steps

  1. Click the More Options ( ) icon and select Flow Settings.

  2. On the Logging tab, view the Log Level list.

  3. If the current selection is Debug, select Info.

  4. Click Save.

Result

You can now see if your flow is in Debug mode and disable debug logging. For more information, see Debugging and analytics.

Marking output fields as secure

You should mark output fields secure when adding custom output fields for a connector such as the HTTP connector.

About this task

To mark output fields as secure in the Custom HTML Template of the HTTP connector:

Steps

  1. Add an HTTP connector in DaVinci.

  2. Complete the Property Name and Display Name fields.

    A GIF depicting a user entering the Property Name and Display name, then switching on the Secure toggle.

  3. Click the Secure toggle and click Apply.

Result

The output field is now marked as secure, which acts as an additional safeguard against the logging of any sensitive PII.