--- title: Feature enablement description: Existing tenants can use the openidm/feature endpoint to install new features that require updating existing tenant configuration. Use this endpoint to test the feature in a developer environment before migrating those changes to production. component: pingoneaic page_id: pingoneaic:idm-rest-api:endpoints/rest-feature canonical_url: https://docs.pingidentity.com/pingoneaic/idm-rest-api/endpoints/rest-feature.html page_aliases: ["release-notes:rapid-channel/2FA-profile-attr.adoc"] section_ids: groups_feature: Groups feature feature-enable-pass-timestamp-attributes: Password timestamp attributes feature-enable-indexed-string-attributes: Additional indexed string attributes feature-enable-2fa-profile-attributes: Two-factor authentication (2FA) profile attributes --- # Feature enablement Existing tenants can use the `openidm/feature` endpoint to install new features that require updating existing tenant configuration. Use this endpoint to test the feature in a developer environment before migrating those changes to production. The `openidm/feature` endpoint requires an [access token](../../developer-docs/authenticate-to-rest-api-with-access-token.html) with the `fr:idm:*` scope. Learn more about making REST calls in [Use an access token](../../developer-docs/authenticate-to-rest-api-with-access-token.html). | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Uninstalling or disabling a feature once installed requires contacting support and rolling back your tenant. Always test installing a feature *first*, before making any changes to your production environment. | | URI | HTTP Operation | Description | | ----------------------------------- | -------------- | ---------------------------------------------------------------------------------------------------- | | /openidm/feature?\_queryFilter=true | GET | Returns a list of feature objects. If a feature is not installed, `installedVersion` returns `null`. | ## Groups feature For more information, refer to [Groups](../../idm-objects/groups.html). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To install the `groups` feature, ensure the following:- The managed configuration defines the `alpha_user` and `bravo_user` objects. - The `repo.ds` configuration defines the `alpha_user` and `bravo_user` generic mappings. - The managed configuration for `alpha_user` and `bravo_user` does *not* define the `groups` or `effectiveGroups` properties. - The managed configuration does *not* define the `alpha_group` or `bravo_group` objects. - The `repo.ds` configuration for the `alpha_user` and `bravo_user` generic mappings does *not* define the `groups` or `effectiveGroups` properties. - Resources do *not* exist in the repository for `alpha_group` or `bravo_group`. | | URI | HTTP Operation | Description | | ----------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /openidm/feature/groups | GET | Returns the status of the groups feature. | | /openidm/feature/groups?\_action=validate | POST | Validates that the groups feature is available to install:- Returns `status` as `true` if the feature can be installed. - Returns `status` as `false` if the feature is already installed. | | /openidm/feature/groups?\_action=install | POST | Attempts to patch and install a tenant's configuration to enable the groups feature. | ## Password timestamp attributes | | | | - | ----------------------------------------------------------------------------------------- | | | These attributes are enabled by default in tenants created on or after February 06, 2024. | This feature adds two indexed string attributes to your tenant that can be used to query when a user password was last changed and when it's set to expire. Learn more in [Password timestamps](../../realms/password-policy.html#password-timestamps). | URI | HTTP Operation | Description | | ------------------------------------------------------ | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /openidm/feature/password/timestamps | GET | Returns the status of the password timestamp feature. | | /openidm/feature/password/timestamps?\_action=validate | POST | Validates that the password timestamp feature is available to install:- Returns `status` as `true` if the feature can be installed. - Returns `status` as `false` if the feature is already installed. | | /openidm/feature/password/timestamps?\_action=install | POST | Attempts to patch and install a tenant's configuration to enable the password timestamp feature. | ## Additional indexed string attributes | | | | - | ----------------------------------------------------------------------------------------- | | | These attributes are enabled by default in tenants created on or after November 12, 2024. | This feature adds 15 additional indexed string attributes to your tenant that can be used as general purpose extension attributes. You can install this feature using the `feature` endpoint. To do so: 1. Confirm that the feature is available by calling `GET openidm/feature/indexed/strings/6thru20`: ```json { "_id": "indexed/strings/6thru20", "installedVersion": null, "availableVersions": [ "1" ] } ``` 2. Validate that the feature is installable by calling `POST /openidm/feature/indexed/strings/6thru20?_action=validate`: ```json { "status": 200, "success": true, "message": "Validate complete." } ``` 3. Install the feature by calling `POST /openidm/feature/indexed/strings/6thru20?_action=install`: ```json { "status": 200, "message": "Install complete." } ``` 4. Confirm that the feature is no longer installable by calling `POST /openidm/feature/indexed/strings/6thru20?_action=validate`: ```json { "status": 200, "success": false, "message": "Validate complete.config/repo.ds: frIndexedString6 must not already exist.", } ``` | URI | HTTP Operation | Description | | ---------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /openidm/feature/indexed/strings/6thru20 | GET | Returns the status of the additional indexed strings feature. | | /openidm/feature/indexed/strings/6thru20?\_action=validate | POST | Validates that the additional indexed strings feature is available to install:- Returns `status` as `true` if the feature can be installed. - Returns `status` as `false` if the feature is already installed. | | /openidm/feature/indexed/strings/6thru20?\_action=install | POST | Attempts to patch and install a tenant's configuration to enable the additional indexed strings feature. | ## Two-factor authentication (2FA) profile attributes | | | | - | ---------------------------------------------------------------------------------------- | | | These attributes are enabled by default in tenants created on or after January 09, 2025. | This feature adds the following five multivalue (array) strings to existing Alpha and Bravo realm user identities in PingOne Advanced Identity Cloud: * `deviceProfiles` * `devicePrintProfiles` * `webauthnDeviceProfiles` * `oathDeviceProfiles` * `pushDeviceProfiles` The attributes can be used to store references to a user's associated two-factor authentication (2FA) devices. You can install this feature using the `feature` endpoint: 1. Confirm that the feature is available by calling `GET openidm/feature/am/2fa/profiles`: ```json { "_id": "am/2fa/profiles", "installedVersion": null, "availableVersions": [ "1" ] } ``` 2. Validate that the feature is installable by calling `POST /openidm/feature/am/2fa/profiles?_action=validate`: ```json { "status": 200, "success": true, "message": "Validate complete." } ``` 3. Install the feature by calling `POST /openidm/feature/am/2fa/profiles?_action=install`: ```json { "status": 200, "message": "Install complete." } ``` 4. Confirm that the feature is no longer installable by calling `POST /openidm/feature/am/2fa/profiles?_action=validate`: ```json { "status": 200, "success": false, "message": "Validate complete.config/repo.ds: am2faProfiles must not already exist." } ``` | URI | HTTP Operation | Description | | -------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /openidm/feature/am/2fa/profiles | GET | Returns the status of the 2FA profile attributes feature. | | /openidm/feature/am/2fa/profiles?\_action=validate | POST | Validates that the 2FA profile attributes feature is available to install:- Returns `status` as `true` if the feature can be installed. - Returns `status` as `false` if the feature is already installed. | | /openidm/feature/am/2fa/profiles?\_action=install | POST | Attempts to patch and install a tenant's configuration to enable the 2FA profile attributes feature. |