PingOne

Key rotation policy

PingOne uses key rotation to automatically generate new cryptographic keys at a particular interval. The default rotation is 90 days, which exceeds industry best practices.

Administrators can review and fine-tune key rotation policies by using the PingOne API. For more information, see Key rotation policies in the PingOne Platform API Reference.

A key rotation policy (KRP) applies to:

  • OIDC Web apps

  • Native apps

  • Single-Page apps

  • Custom apps created through the Management API. For more information, see Application operations in the PingOne API Reference.

Although any OIDC-based application can be configured to use the KRP, PingOne signs the access tokens with the PingOne default key if the application is configured with scopes from the PingOne API and includes PingOne API scopes in its authorization requests.
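The following is an added example, not code from the PingOne documentation. Because signing keys rotate, and access tokens can be signed with either the policy's key or the PingOne default key, a token verifier should pick the key by the JWT header's `kid` and refetch the issuer's JWKS when it meets an unknown `kid`. `RotatingKeySet`, the `fetch_jwks` hook and the key IDs are hypothetical, and the signature check itself is left to a JWT library.

```python
import base64, json, time

def jwt_kid(token):
    """Read `kid` from a JWT header. Selects a key only; it verifies nothing."""
    header = token.split(".")[0]
    header += "=" * (-len(header) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(header)).get("kid")

def sample_token(kid):
    """Constructed, unsigned JWT-shaped string for the demo."""
    head = base64.urlsafe_b64encode(json.dumps({"alg": "RS256", "kid": kid}).encode())
    return head.decode().rstrip("=") + ".e30.c2ln"

class RotatingKeySet:
    """Caches the issuer's JWKS; refetches when a token names an unknown kid."""

    def __init__(self, fetch_jwks, min_refresh_interval=60, clock=time.monotonic):
        self.fetch_jwks = fetch_jwks  # hypothetical hook: returns the JWKS as a dict
        self.min_refresh_interval = min_refresh_interval
        self.clock = clock
        self.keys, self.last_fetch, self.fetch_count = {}, None, 0

    def refresh(self):
        now = self.clock()
        # Cool-down: a flood of tokens with made-up kids must not turn into
        # a flood of JWKS requests against the issuer.
        if self.last_fetch is not None and now - self.last_fetch < self.min_refresh_interval:
            return False
        keys = self.fetch_jwks().get("keys", [])
        # Replace, never merge: keys the issuer has retired stop being trusted.
        self.keys = {k["kid"]: k for k in keys if "kid" in k and k.get("use", "sig") == "sig"}
        self.last_fetch, self.fetch_count = now, self.fetch_count + 1
        return True

    def key_for(self, token):
        kid = jwt_kid(token)
        if kid is None:
            raise KeyError("token header carries no kid")
        if kid not in self.keys:
            self.refresh()  # may be a newly rotated key
        if kid not in self.keys:
            raise KeyError(f"no published signing key with kid {kid!r}")
        return self.keys[kid]  # pass this JWK to a JWT library to verify

if __name__ == "__main__":
    jwks = {"keys": [{"kid": "krp-key-1", "kty": "RSA", "use": "sig"},
                     {"kid": "default-key", "kty": "RSA", "use": "sig"}]}  # constructed
    keyset = RotatingKeySet(lambda: jwks)
    print(keyset.key_for(sample_token("default-key"))["kid"])
```

The cool-down trades a short delay in accepting a freshly rotated key for protection against forced refetches; size it well below the rotation period.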