PingOne standard platform limits

The PingOne platform includes default limits to ensure secure and reliable access for all of our customers.

This is not a comprehensive list of all usage limits on PingOne. Limits on this list are subject to change. If you experience issues or have questions that aren’t addressed in the following tables, contact your solution architect or open a support case in the Ping Identity Support Center.

Transactions

Type	Limit
HTTP API request header size	6 KB
HTTP API requests per source IP	100 requests per second
SMS messages	50 per day per user
Email messages	50 per day per user
Gateway requests	500 per second per gateway instance
Webhook delivery	500 messages of 1 KB each per POST, 72 POSTs per second

Type

Limit

HTTP API request header size

6 KB

HTTP API requests per source IP

100 requests per second

SMS messages

50 per day per user

Email messages

50 per day per user

Gateway requests

500 per second per gateway instance

Webhook delivery

500 messages of 1 KB each per POST, 72 POSTs per second

Identity data

Type	Limit
Custom attribute schema	Maximum of 200 string attributes and 200 JSON attributes
Combined size of custom string and custom JSON attributes	Maximum is determined by the current, cumulated size of the user profile, which must not exceed 16 KB. Learn more in Custom attributes in the PingOne API documentation.

Type

Limit

Custom attribute schema

Maximum of 200 string attributes and 200 JSON attributes

Combined size of custom string and custom JSON attributes

Maximum is determined by the current, cumulated size of the user profile, which must not exceed 16 KB. Learn more in Custom attributes in the PingOne API documentation.

Administration

Type	Limit
Admin groups	500
Role assignments per admin group	3500
Population level role assignments	250
Role assignments per user or Worker application	3500 roles
Application level role assignments	250

Environments, populations, and groups

Type	Limit
Environments	Varies by subscription plan: Trial plan max: 5 per organization Platform max: 500 active environments per organization 100 environments in "Delete Pending" status per organization For limits specific to your plan, contact Support or your solution architect.
Populations	10,000 per environment
Groups	100,000 per environment
Nested groups	250 nested groups per group This limit includes the combination of nesting levels plus the number of groups at each level.
Identities	1 million per environment for trial plans, up to 50 million per environment depending on your contract
Group memberships	10,000 per identity. Due to size limits on ID tokens, the number of groups returned in a token could be lower.
PingOne Advanced Services or PingID deployments	100 per organization

Type

Limit

Environments

Varies by subscription plan:

Trial plan max: 5 per organization
Platform max:
- 500 active environments per organization
- 100 environments in "Delete Pending" status per organization

For limits specific to your plan, contact Support or your solution architect.

Populations

10,000 per environment

Groups

100,000 per environment

Nested groups

250 nested groups per group

This limit includes the combination of nesting levels plus the number of groups at each level.

Identities

1 million per environment for trial plans, up to 50 million per environment depending on your contract

Group memberships

10,000 per identity. Due to size limits on ID tokens, the number of groups returned in a token could be lower.

PingOne Advanced Services or PingID deployments

100 per organization

Sign-on policies

Type	Limit
Sign-on policies	100 per environment
Steps/actions	21 per policy

Type

Limit

Sign-on policies

100 per environment

Steps/actions

21 per policy

Applications

Type	Limit
Applications (including Application Portal Links)	1000 per environment
Application attribute mappings	100 per application
Sign-on policies or DaVinci flow policies	20 per application
Terms of service text	32,000 characters per revision text
Virtual server IDs (SAML applications)	200 per application

Type

Limit

Applications (including Application Portal Links)

1000 per environment

Application attribute mappings

100 per application

Sign-on policies or DaVinci flow policies

20 per application

32,000 characters per revision text

Virtual server IDs (SAML applications)

200 per application

Configuration

Type	Limit
Custom domains	Paid plans only
Email customization	Paid plans only
Webhooks	50 per environment
Email trust domains	50 per environment
Themes	100 per environment
Forms	100 per environment

Type

Limit

Custom domains

Paid plans only

Email customization

Paid plans only

Webhooks

50 per environment

Email trust domains

50 per environment

Themes

100 per environment

Forms

100 per environment

DaVinci flow limits

Property	Limit	Description
Resource	100	Your environment can contain a maximum of 100 of each entity type. This limitation applies to flows, variables, and connections, but not to end users. Each flow is limited to 100 stored versions.
API payload	10 MB	The maximum payload size for any API call (such as POST, GET, or DELETE) made within a flow.
Number of nodes that can be run per flow invocation	Twice the number of nodes in the flow or 70, whichever is higher	Maximum number of nodes that can be run. This limit is distinct for each flow, so if a flow launches a subflow, both flows can run a number of nodes up to this limit.
Flow timeout	Default is 5 minutes. Maximum possible is 2 days.	A timeout value for the entire flow, beginning when the flow is invoked. Editable for each flow. Learn more in Editing flow settings.
Flow HTTP response timeout	Default is 15 seconds. Maximum possible is 120 seconds.	A timeout value for any HTTP call made by any node in the flow. Editable for each flow. Learn more in Editing flow settings.
Node payload	1 - 10 MB (depending on the node)	The maximum size of the payload sent by a node to future nodes.

Property

Limit

Description

Resource

100

Your environment can contain a maximum of 100 of each entity type. This limitation applies to flows, variables, and connections, but not to end users. Each flow is limited to 100 stored versions.

API payload

10 MB

The maximum payload size for any API call (such as POST, GET, or DELETE) made within a flow.

Number of nodes that can be run per flow invocation

Twice the number of nodes in the flow or 70, whichever is higher

Maximum number of nodes that can be run. This limit is distinct for each flow, so if a flow launches a subflow, both flows can run a number of nodes up to this limit.

Flow timeout

Default is 5 minutes. Maximum possible is 2 days.

A timeout value for the entire flow, beginning when the flow is invoked.

Editable for each flow. Learn more in Editing flow settings.

Flow HTTP response timeout

Default is 15 seconds. Maximum possible is 120 seconds.

A timeout value for any HTTP call made by any node in the flow.

Editable for each flow. Learn more in Editing flow settings.

Node payload

1 - 10 MB (depending on the node)

The maximum size of the payload sent by a node to future nodes.

Learn more in DaVinci flow limits.

Identity providers (IdPs)

Type	Limit
IdPs	1000 per environment
IdP discovery rules	200

Type

Limit

IdPs

1000 per environment

IdP discovery rules

200

Gateways

Type	Limit
Gateways	20 gateways per environment
User Types	20 user types per LDAP gateway

Type

Limit

Gateways

20 gateways per environment

User Types

20 user types per LDAP gateway

Provisioning

Type	Limit
Revisions	1000 per environment
Stores	4196 per environment
Rules	4196 per environment
Mappings	4196 per environment

Type

Limit

Revisions

1000 per environment

Stores

4196 per environment

Rules

4196 per environment

Mappings

4196 per environment

PingOne Authorize

Type	Limit
Unnamed versions	500 per environment
Named versions	100 per environment
Version data size	7 MB per version
User-defined entities or configurations	4000 per environment
Managed entities or configurations	6000 per environment
Decision endpoints	30 per environment
Recent decisions	20 per decision endpoint
Service caching	Service response size: 1 MB Time to live: 24 hours maximum Learn more about service limits in Service configuration constraints.
API services	25 per environment
API operations	25 per API service
Application roles	128 per environment
Application resources	128 per environment
Application permissions	128 per environment
Application permission assignments	1024 per role

Type

Limit

Unnamed versions

500 per environment

Named versions

100 per environment

Version data size

7 MB per version

User-defined entities or configurations

4000 per environment

Managed entities or configurations

6000 per environment

Decision endpoints

30 per environment

Recent decisions

20 per decision endpoint

Service caching

Service response size: 1 MB

Time to live: 24 hours maximum

Learn more about service limits in Service configuration constraints.

API services

25 per environment

API operations

25 per API service

Application roles

128 per environment

Application resources

128 per environment

Application permissions

128 per environment

Application permission assignments

1024 per role

PingOne MFA

Type	Limit
Active devices	20 per user

Type

Limit

Active devices

20 per user

PingOne Verify

Type	Limit
Hourly authentications	3 attempts per hour
Daily authentications	10 attempts per day

Type

Limit

Hourly authentications

3 attempts per hour

Daily authentications

10 attempts per day

Ping Identity customers are not limited by how many verify transactions they perform. However, each of their users is limited by how many document authentications they perform.