PingOne Advanced Identity Cloud

Feature enablement

Existing tenants can use the openidm/feature endpoint to install new features that require updating existing tenant configuration. Use this endpoint to test the feature in a developer environment before migrating those changes to production.

The openidm/feature endpoint requires an access token with the fr:idm:* scope. Learn more about making REST calls in Use an access token.

Uninstalling or disabling a feature once installed requires contacting support and rolling back your tenant. Always test installing a feature first, before making any changes to your production environment.
URI HTTP Operation Description

/openidm/feature?_queryFilter=true

GET

Returns a list of feature objects. If a feature is not installed, installedVersion returns null.

Groups feature

For more information, refer to Groups.

To install the groups feature, ensure the following:

  • The managed configuration defines the alpha_user and bravo_user objects.

  • The repo.ds configuration defines the alpha_user and bravo_user generic mappings.

  • The managed configuration for alpha_user and bravo_user does not define the groups or effectiveGroups properties.

  • The managed configuration does not define the alpha_group or bravo_group objects.

  • The repo.ds configuration for the alpha_user and bravo_user generic mappings does not define the groups or effectiveGroups properties.

  • Resources do not exist in the repository for alpha_group or bravo_group.
URI HTTP Operation Description

/openidm/feature/groups

GET

Returns the status of the groups feature.

/openidm/feature/groups?_action=validate

POST

Validates that any prerequisites to enable the groups feature are satisfied.

/openidm/feature/groups?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the groups feature.

Password timestamps

Learn more in Password timestamps.

URI HTTP Operation Description

/openidm/feature/password/timestamps

GET

Returns the status of the password timestamp feature.

/openidm/feature/password/timestamps?_action=validate

POST

Validates that any prerequisites to enable the password timestamp feature are satisfied.

/openidm/feature/password/timestamps?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the password timestamp feature.

Additional indexed strings

The additional indexed strings feature adds 15 additional indexed strings to your tenant. You can install this feature using the feature endpoint. To do so:

  1. Confirm that the feature is available by calling GET openidm/feature/indexed/strings/6thru20:

    {
    "_id": "indexed/strings/6thru20",
    "installedVersion": null,
    "availableVersions": [
        "1"
    ]
}
    json

  2. Validate that the feature is installable by calling POST /openidm/feature/indexed/strings/6thru20?_action=validate:

    {
    "status": 200,
    "success": true,
    "message": "Validate complete."
}
    json

  3. Install the feature by calling POST /openidm/feature/indexed/strings/6thru20?_action=install:

    {
    "status": 200,
    "message": "Install complete."
}
    json

  4. Confirm that the feature is no longer installable by calling POST /openidm/feature/indexed/strings/6thru20?_action=validate:

    {
    "status": 200,
    "success": false,
    "message": "Validate complete.config/repo.ds: frIndexedString6 must not already exist.",
}
    json
URI HTTP Operation Description

/openidm/feature/indexed/strings/6thru20

GET

Returns the status of the additional indexed strings feature.

/openidm/feature/indexed/strings/6thru20?_action=validate

POST

Validates that the additional indexed strings feature is available to install.

/openidm/feature/indexed/strings/6thru20?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the additional indexed strings feature.

Two-factor authentication (2FA) profile attributes

The two-factor authentication (2FA) profile attributes feature adds the following five multivalue (array) strings to existing Alpha and Bravo realm user identities in PingOne Advanced Identity Cloud:

  • deviceProfiles

  • devicePrintProfiles

  • webauthnDeviceProfiles

  • oathDeviceProfiles

  • pushDeviceProfiles

You can install this feature using the feature endpoint:

  1. Confirm that the feature is available by calling GET openidm/feature/am/2fa/profiles:

    {
  "_id": "am/2fa/profiles",
  "installedVersion": null,
  "availableVersions": [
    "1"
  ]
}
    json

  2. Validate that the feature is installable by calling POST /openidm/feature/am/2fa/profiles?_action=validate:

    {
  "status": 200,
  "success": true,
  "message": "Validate complete."
}
    json

  3. Install the feature by calling POST /openidm/feature/am/2fa/profiles?_action=install:

    {
  "status": 200,
  "message": "Install complete."
}
    json

  4. Confirm that the feature is no longer installable by calling POST /openidm/feature/am/2fa/profiles?_action=validate:

    {
  "status": 200,
  "success": false,
  "message": "Validate complete.config/repo.ds: am2faProfiles must not already exist."
}
    json
URI HTTP Operation Description

/openidm/feature/am/2fa/profiles

GET

Returns the status of the 2FA profile attributes feature.

/openidm/feature/am/2fa/profiles?_action=validate

POST

Validates that the 2FA profile attributes feature is available to install.

/openidm/feature/am/2fa/profiles?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the 2FA profile attributes feature.