Previous PingOne for Enterprises releases
February 2022
Feature | Description |
---|---|
PingFederate Connection |
The latest version of PingFederate available for download through PingOne for Enterprise is 10.3. You can download later versions of PingFederate from the Ping Identity main download site. |
PingOne Connector |
See Known Issues and Limitations below for important information. |
PingOne for Enterprise Directory |
Notification emails sent to administrators when new users self-register now include a link to the Users → User Directory → Users menu where you can approve the new user. For more information, see Approve new directory users. |
December 2021
Feature | Description |
---|---|
Azure Conditional Access |
Added the If you’re using PingID for Azure Conditional Access, the For more information, see Connect to Azure and Configuring PingID MFA for Microsoft Azure AD Conditional Access in the PingID documentation. |
Office 365 Connector |
Migrated the Office 365 Connector from the Azure AD Graph API 1.6 to the Microsoft Graph API 1.0 See Known Issues and Limitations below. For more information, see the Office 365 Connector documentation. |
SSO Admins |
Updated the Account → Administrators page to display all single sign-on (SSO) administrative users. Previously, SSO admins who were also registered in other PingOne for Enterprise accounts did not display. For more information, see Assign administrative roles. |
Subject | Issue/Limitation |
---|---|
Office 365 Connector |
|
October 2021
Feature | Description |
---|---|
PingOne Connector |
See Known Issues and Limitations below for important information. |
SSO/SLO |
Increased the The previous |
Subject | Issue/Limitation |
---|---|
PingOne Connector |
|
September 2021
Feature | Description |
---|---|
Custom Application Categories |
Added the ability to create custom application categories. Custom application categories let you organize applications in ways that work best for your organization. For more information, see Creating a custom application category. |
PingOne Connector |
See Known Issues and Limitations below for important information. |
Single Logout |
Added support for the optional If you specify the For more information, see PingOne for Enterprise and SLO. |
SSO Admins |
Updated the Account → Administrators page to display all single sign-on (SSO) administrative users. Previously, SSO admins who were also registered in other PingOne for Enterprise accounts did not display. For more information, see Assign administrative roles. |
Subject | Issue/Limitation |
---|---|
PingOne Provisioner |
Clearing fields on updates is not supported. Multivalued attributes, such as emails and addresses, are not supported. Multiple values appear as a single-array value in PingOne. Custom attributes are set when the user is initially created. They cannot be updated after they are set. |
August 2021
Feature | Description |
---|---|
PingOne Provisioner |
Added support for custom string attributes. See Known Issues and Limitations below for important information. |
Subject | Issue/Limitation |
---|---|
PingOne Provisioner |
Clearing fields on updates is not supported. Multivalued attributes, such as emails and addresses, are not supported. Multiple values appear as a single-array value in PingOne. Custom attributes are set when the user is initially created. They cannot be updated after they are set. |
July 2021
Feature | Description |
---|---|
Admin Portal Banner |
Added a feature allowing you to display a banner message in the administrative portal. For more information, see Adding a logo and banner message. |
June 2021
Feature | Description |
---|---|
Single Logout Flow |
Added a feature allowing administrators to choose how PingOne for Enterprise handles single logout (SLO) requests. For more information, see Configure the dock when using PingOne for Enterprise Directory and Configuring the dock when using an identity bridge. |
PingID Device Administrator Role |
Added a new administrative role to manage user PingID Device settings. For more information, see Assign administrative roles. |
Read-Only Administrative Roles |
Added a feature allowing you to assign user groups to read-only versions of administrative roles. Read-only roles allow administrators to access the areas of the admin portal normally allowed by that role, but not to change settings. For more information, see Configuring SSO to the PingOne for Enterprise admin portal. |
Password Policy |
Changed the default password requirements for new accounts. Previous default settings required a minimum password length of 6 characters, with no requirement for special characters. New default settings require a minimum password length of 8 characters, and a minimum of one special character. This change only applies to new accounts. |
Subject | Issue/Limitation |
---|---|
Single Logout Flow |
Single logout from the admin portal does not currently support redirect SLO flow. If you select Redirect SLO flow for your users, your SSO admins should use the Sign Off button at the top right of the admin portal rather than signing off through the PingOne Dock. |
May 2021
Feature | Description |
---|---|
Admin-API Client |
Removed the ability to use special characters in the Client Name and Description fields when creating API clients. Special characters in these fields can present a security risk. If you have existing API clients that include special characters, you will be forced to remove the characters the next time you edit the client. For more information, see Creating an Admin-API client. |
Password Policy Customization |
Added a feature giving PingOne for Enterprise for Managed Service Providers administrators the ability to permit their customer accounts to customize password policies. For more information, see Configuring customer account service settings. |
April 2021
Feature | Description |
---|---|
Admin-API Client |
Removed the ability to use special characters in the Client Name and Description fields when creating API clients. Special characters in these fields can present a security risk. If you have existing API clients that include special characters, you will be forced to remove the characters the next time you edit the client. For more information, see Creating an Admin-API client. |
Password Policy Customization |
Added a feature giving PingOne for Enterprise for Managed Service Providers administrators the ability to permit their customer accounts to customize password policies. For more information, see Configuring customer account service settings. |
March 2021
Feature | Description |
---|---|
OAuth Access Token |
Increased the allowed number of trusted origins for OAuth access token Cross-Origin Resource Sharing. The previous limit was 10. The current limit is 100. For more information, see Configuring your OAuth settings. |
PingOne for Customers Provisioner |
Added a new provisioner for PingOne for Customers. This provisioner includes:
For more information see PingOne Integration Kit. |
Self-Service Password Reset |
Reduced the lifetime of self-service user password reset from the sign on screen. Previously the password reset link was valid for 3 days. Currently the password reset link is valid for 24 hours. |
Subject | Issue/Limitation |
---|---|
PingOne for Customers Provisioner |
|
December 2020
Feature | Description |
---|---|
Aquera Provisioner |
Added a new provisioner for Aquera Connector. This is the initial release for this provisioner. This provisioner includes:
For more information, see Overview of the Aquera Connector. |
SCIM SaaS Provisioner |
Fixed application/JSON headers for SCIM 1.1 requests. Added logic to avoid sending an empty For more information, see Overview of the SCIM Connector. |
ServiceNow Provisioner |
Added support for the Orlando and Paris versions of Service Now. For more information, see Overview of the ServiceNow Connector. |
Subject | Issue/Limitation |
---|---|
ServiceNow Provisioner |
|
SCIM SaaS Provisioner |
Also, existing attributes on the SaaS might night be removed during an updated, and the desired value might not be correctly set as primary. * SCIM-compliant service providers may implement or interpret the SCIM standards differently. This can result in behavior that is not consistent with the intended use of the SCIM SaaS Provisioner. * The SCIM provisioner will not provision users until the users are updated. |
November 2020
Feature | Description |
---|---|
Authentication Policy |
Added a feature that allows you to choose whether to authenticate SSO admins using their email or their SSO username. For more information, see Create or update an authentication policy. |
Administrator Settings |
Added a feature that allows you to change the certificate expiration notification settings for Global and SaaS administrators. For more information, see Editing administrative roles, permissions, and notifications and Manage your user profile. |
Subscription API |
Added a new result status to PingID audit events.
For more information about audit events, see Get the audit events for a Poll subscription. |
Subject | Issue/Limitation |
---|---|
Single Logout |
PingOne for Enterprise’s single logout (SLO) implementation relies on the ability to send cookies within an iframe. Safari now blocks this function by default, which causes SLO to fail in most scenarios. We are working to accommodate this new behavior. This issue impacts SLO on the following browsers:
You can solve this problem by enabling third-party cookies in the browser settings. |
October 2020
Feature | Description |
---|---|
Admin-API Clients |
Added a feature that allows you to create Admin-API clients to access subscription endpoints without the need for additional administrator accounts. For more information, see Creating an Admin-API client |
AWS Single Sign-On Provisioner |
Added a new provisioner for AWS Single Sign-On. This is the initial release for this provisioner. This provisioner includes:
See Known Issues and Limitations below for important information. For more information, see Overview of the AWS Single Sign-On Connector. |
PingOne Directory |
Added a feature that directs a user to the specified redirect URL if they click on the registration URL after completing the registration process. For more information about self-registration, see Allow self registration for new directory users. |
Signing Certificates |
Added a feature that allows administrators to designate a signing certificate as the default certificate for newly added application connections. For more information, see Create a signing certificate and View certificate details. |
Subject | Issue/Limitation |
---|---|
AWS Single Sign-On Provisioner |
|
July 2020
Feature | Description |
---|---|
PingOne Directory |
Added a feature that allows administrators to enable additional directory attributes for use in attribute mapping for IdP, dock, and application configuration. For more information, see Manage directory attributes. |
PingOne Provisioner |
|
Subject | Issue/Limitation |
---|---|
PingOne Provisioner |
|
July 2020
Feature | Description |
---|---|
Concur 1.0.1 |
|
June 2020
Feature | Description |
---|---|
Atlassian Cloud Provisioner |
|
ServiceNow Connector 2.2 |
|
Subject | Issue/Limitation |
---|---|
Atlassian Cloud Provisioner |
|
May 2020
Feature | Description |
---|---|
Code42 Provisioner |
|
ZScaler Private Access Provisioner |
|
Subject | Issue/Limitation |
---|---|
Code42 Provisioner |
|
Zscaler Private Access Provisioner |
|
April 2020
Feature | Description |
---|---|
AD Connect agent management |
|
Metadata Download URL |
|
Session Idle Timeout |
|
Slack Connecter |
|
Zoom Connector 1.0 |
|
Subject | Issue/Limitation |
---|---|
Zoom Connector 1.0 |
|
March, 2020
Feature | Description |
---|---|
SCIM Provisioner |
|
Zscaler ZIA Provisioner 1.1 |
|
Subject | Issue/Limitation |
---|---|
Zscaler ZIA Provisioner 1.1 |
The following limitations apply:
|
January, 2020
Feature | Description |
---|---|
Branding |
We’ve expanded the branding options for the PingOne dock as well as the AD Connect and PingOne Directory login screens. We have also added new branding options for intermediate SSO screens including error, SLO, and IdP Discovery screens. Finally we have reorganized the branding screens in the PingOne admin portal. See Assign branding and design for more information. |
Ticket ID | Issue |
---|---|
SSD-12791 |
Fixed an issue to allow non-HTTPS URI redirects in OIDC mobile applications. |
November, 2019
Feature | Description | ||
---|---|---|---|
OAuth refresh tokens |
We’ve added support for OAuth refresh tokens with OpenID Connect applications. See Configuring your OAuth settings and Adding or updating an OIDC application for more information. |
||
Updated provisioner for ServiceNow |
We’ve updated the provisioner for Salesforce. The update to this provisioner includes support for:
See Known Issues and Limitations for important information. |
||
Delegated administration of applications |
We’ve added an Application Administrator role and the ability for you to delegate administration of applications to an Application Administrator. See Assign Application Administrator applications for more information. |
||
SLO for OpenID Connect applications |
We’ve added single logout (SLO) support for OpenID Connect (OIDC) applications. See the Logout URI when adding an OIDC application, or Adding or updating an OIDC application for more information. |
||
Disable inactive users in PingOne directory |
We’ve added the ability for you to disable users who’ve been inactive for an extended period of time. See Disable directory users for more information. |
Ticket ID | Issue |
---|---|
IO-5615 |
(Slack provisioner) Fixed an issue that caused the connector to update the wrong phone number attribute as a result of a change in the Slack API. |
SSD-12509 |
Fixed an issue in Google Chrome where a SameSite=none setting in cookies was affecting SSO. |
SSD-12579 |
Fixed an issue where PingOne directory error messages weren’t displaying single quotes. |
Subject | Issue/Limitation |
---|---|
ServiceNow provisioner |
The following limitations apply:
|
September, 2019
Feature | Description |
---|---|
Adding OIDC applications |
We’ve updated the selection and configuration of OIDC applications, streamlining this process based on the type of OIDC application connection you want to add. See Adding or updating an OIDC application for more information. |
Encryption certificates |
We’ve added management of encryption certificates to the certificate management page (Setup → Certificates). You can choose the encryption certificate used for an application. See Update an encryption certificate for more information. |
Administrators and SSO |
We’ve updated the Administrators page so that when an assigned administrator first signs on (SSO) to the admin portal, they’re automatically added to the list of administrators displayed on the Account → Administrators page. See Assign administrative roles for more information. |
Browser extension updated |
The browser extension (used for Basic SSO password vaulting) has been updated to version 2.54.9. This update included a fix for an unexpected prompt to restart the browser extension. |
Updated provisioner for Salesforce |
We’ve updated the provisioner for Salesforce. The update to this provisioner includes support for:
|
Ticket ID | Issue |
---|---|
(Browser extension) Staging-8549 |
Fixed an issue where users were unexpectedly prompted to restart the browser extension. |
IO-5467 |
Fixed an issue that prevented users with certain special characters from being provisioned to Salesforce. |
SSD-12043 |
Fixed an issue where the SAML_SUBJECT attribute was not appearing in the attributes dropdown list in Advanced Attribute Mapping mode. |
Subject | Issue/Limitation |
---|---|
Salesforce provisioner |
The following limitations apply:
|
July, 2019
Feature | Description |
---|---|
PingOne directory user passwords |
We’ve updated the PingOne directory user password process for new users. Now after you create a new user, the user must change their assigned password when they first sign on. See Add directory users for more information. |
Updated provisioner for WebEx® |
We’ve updated the provisioner for WebEx. The update to this provisioner includes:
|
Updated provisioner for Amazon Web Services |
We’ve updated the provisioner for Amazon Web Services (AWS). The update to this provisioner includes:
|
PingFederate Bridge |
PingFederate Bridge is now the default PingFederate identity bridge for PingOne. It’s a light-weight version of PingFederate designed for quick and easy configuration with PingOne. See .pingidentity.com/pingfederatebridge/pf93///[Introduction to PingFederate Bridge] and Connect to PingFederate for more information. |
Admin portal SSO for multiple groups |
You can now assign multiple groups to administrative roles for the purpose of SSO to the PingOne admin portal from the PingOne dock. We’ve also created a new page for this assignment: Setup → Dock → Admin Portal SSO. See Configure SSO from the dock to the admin portal for more information. |
Ping directory branding |
We’ve added the ability for you to brand PingOne directory pages for your organization. See Assign directory branding and designs for more information. |
SSO reports |
You can now apply filtering to SSO reports based on specific applications. See Run a predefined report or Run a custom report for more information. |
Supported languages |
PingOne UI components now support the use of more languages. See PingOne for Enterprise language support for more information. |
Subject | Issue/Limitation |
---|---|
WebEx provisioner |
The following limitations apply:
|
Amazon Web Services provisioner |
The following limitations apply:
|
June, 2019
Feature | Description |
---|---|
PingFederate Bridge |
PingFederate Bridge is now the default PingFederate identity bridge for PingOne. It’s a light-weight version of PingFederate designed for quick and easy configuration with PingOne. See .pingidentity.com/pingfederatebridge/pf93///[Introduction to PingFederate Bridge] and Connect to PingFederate for more information. |
Admin portal SSO for multiple groups |
You can now assign multiple groups to administrative roles for the purpose of SSO to the PingOne admin portal from the PingOne dock. We’ve also created a new page for this assignment: Setup → Dock → Admin Portal SSO. See Configure SSO from the dock to the admin portal for more information. |
Ping directory branding |
We’ve added the ability for you to brand PingOne directory pages for your organization. See Assign directory branding and designs for more information. |
SSO reports |
You can now apply filtering to SSO reports based on specific applications. See Run a predefined report or Run a custom report for more information. |
Supported languages |
PingOne UI components now support the use of more languages. See PingOne for Enterprise language support for more information. |
Basic SSO option |
We’ve added an option for you to enable Basic SSO on the Setup → Dock → Configurations page in the admin portal. When enabled, you’ll use the browser extension to add apps for Basic SSO. See Basic SSO (password vaulting) for more information. |
Basic SSO browser extension new field available |
We’ve updated the browser extension used for Basic SSO apps to support an additional field for use when training the browser extension to sign on to a Basic SSO app. The additional (third) field is optional and is supplied for those apps that require sign-on information in addition to the user name and password fields. |
Ticket ID | Issue |
---|---|
IO-5262 |
(Provisioning) Fixed an issue where disabling users in the user source without a synchronized user in a target SaaS could result in a new user being created in the SaaS. The affected PingOne apps are:
|
SSD-11699 |
Fixed an issue in PingOne directory where a user having the same email address could not be recreated being deleted. |
May, 2019
Feature | Description |
---|---|
Basic SSO option |
We’ve added an option for you to enable Basic SSO on the Setup → Dock → Configurations page in the admin portal. When enabled, you’ll use the browser extension to add apps for Basic SSO. See Basic SSO (password vaulting) for more information. |
Basic SSO browser extension new field available |
We’ve updated the browser extension used for Basic SSO apps to support an additional field for use when training the browser extension to sign on to a Basic SSO app. The additional (third) field is optional and is supplied for those apps that require sign-on information in addition to the user name and password fields. |
Updated provisioner for PingOne for Customers |
We’ve updated the provisioner for PingOne for Customers. This provisioner is intended for existing PingOne for Enterprise accounts using either PingOne directory or AD Connect who want to migrate their users to PingOne for Customers. The update to this provisioner includes:
|
Ticket ID | Issue |
---|---|
BE-2752 |
(Browser extension) Fixed an issue where the browser extension wasn’t properly replaying an app in Chrome resulting in the Login button not functioning. |
SSD-11636 |
Fixed an issue where a CSR response could not be uploaded to PingOne. |
SSD-11595 |
Fixed an issue where the PingOne attribute mapping for PingFederate defaulted to |
SSD-11570 |
Fixed an issue where the activation key for a PingOne 30 day trial account was not accepted by PingFederate. |
SSD-11351 |
Fixed an issue where a routing for a PingFederate connection was being retained to a Ping data center that was no longer being used. |
Subject | Issue/Limitation |
---|---|
PingOne for Customers provisioner |
The following limitations apply: * Clearing fields on updates is not supported. * Outbound Group Provisioning and Memberships is not supported. * Patch updates to SCIM-enabled target applications are not supported. * There is a limit of one value per type (such as, home, work, other) for multivalue attributes (email, phone, address). * Unexpected behavior may occur if the SaaS application does not specify either type and primary information, or both type and primary information for multivalue attributes (email, phone, address). Also, existing attributes on the application may not be removed during an update, and the desired value may not be correctly set as primary. * SCIM-compliant service providers may implement or interpret the SCIM standards differently. This can result in behaviour that is not consistent with the intended use of the SCIM SaaS provisioner. |
April, 2019
Feature | Description |
---|---|
PingOne registration page |
We’ve updated the UI for the registration page, administrator login, and password recovery. Most importantly, we’ve added the selection of the PingOne data center to use for the new account. See Registering a PingOne for Enterprise account for more information. |
Identity repository setup |
We’ve updated the UI for identity repository setup and added an attribute mapping option enabling you to configure the attribute mapping from the identity provider to the standard set of PingOne SSO attributes. |
Microsoft include::pingone_for_enterprise:partial$p14e_p1refs_azure.adoc[tags=Azure]identity bridge |
We’ve added an identity bridge for Azure, with the option to synchronize groups from your Azure tenant to PingOne for Enterprise. See Connect to Azure for more information. |
Microsoft ADFS identity bridge |
We’ve added an identity bridge for Active Directory Federation Services (ADFS). See Connect to ADFS for more information. |
Group assignment |
You can now authorize groups for application access as part of the application setup for SAML, OIDC, or Application Catalog applications. |
Pingone directory self-registration |
If you’re using PingOne directory as your identity repository, you can now assign the email domains that can be used for self-registration. If you choose not to assign the email domains, then all domains can be used for self-registration. See Allow self registration for new directory users for more information. |
Cross-origin resource sharing (CORS) for OpenID Connect |
If you’re integrating OpenID Connect (OIDC) applications with PingOne, you can now configure one or more trusted origins to enable cross-origin resource sharing (CORS). See Configuring your OAuth settings for more information. |
SAML response signing |
If you’re integrating SAML applications with PingOne, you can now configure whether PingOne for Enterprise signs the SAML assertion or the SAML response that is sent to the application during SSO. See Adding or updating a SAML application for more information. |
Ticket ID | Issue |
---|---|
SSD-10739 |
(Ping directory) Fixed an issue where a user was invited and confirmed the email activation, but the user wasn’t provisioned to Ping directory until another user was created or invited. |
SSD-11230 |
Fixed an issue where the SAML response signing selection for existing connections defaults to signing the assertion. |
March, 2019
Feature | Description |
---|---|
SCIM SaaS provisioner |
We’ve updated the provisioner for SCIM SaaS applications. This provisioner includes:
|
Subject | Issue/Limitation |
---|---|
PingOne for Customers provisioner |
The following limitations apply:
|
February, 2019
Feature | Description |
---|---|
New provisioner for PingOne for Customers |
We’ve added a new provisioner for PingOne for Customers. This provisioner is intended for existing PingOne for Enterprise accounts using either PingOne directory or AD Connect who want to migrate their users to PingOne for Customers. This provisioner includes: * Support for user provisioning. * Support for user attributes: Username, Email, Population ID, Account ID, City, Country, External ID, First Name, Force Change Password, Full Name, Honorific Prefix, Honorific Suffix, Job Title, Last Name, Locale, Middle Name, Mobile Phone, Nickname, Password, Preferred Language, Primary Phone, Profile Image, State/Region, Street Address, Timezone, User Type and ZIP Code.See Known Issues and Limitations for important information. |
Ticket ID | Issue |
---|---|
SSD-10517 |
Fixed an issue where user provisioning to PingOne directory failed when switching to the PingOne directory from either a PingFederate or AD Connect identity bridge. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
PingOne for Customers provisioner |
The following limitations apply:
|
January, 2018
Feature | Description |
---|---|
OpenID Connect custom scopes |
We’ve added OAuth configuration settings for OpenID Connect applications to enable you to define custom scopes or to modify existing scopes with custom or standard claims. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Configure the access token]. |
PingOne redirect URI |
We’ve updated the PingOne redirect URI to include a verification code unique to your account. The redirect URI used by your OpenID Connect provider for PingOne must include the verification code for SSO to be successful. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Connect to OpenID Connect]. |
Audit & Report administrator |
We’ve added a dedicated administrator role for working with the audit event streaming and polling capabilities. The Audit & Report administrator is restricted to accessing the PingOne Dashboard and the Reporting and Subscriptions pages. The Audit & Report administrator can also access the API for polling audit events when audit subscriptions are configured as polling subscriptions. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Assign administrative roles] and .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Managing reports and subscriptions]. |
SSO reporting |
We’ve added new report types and predefined reports for SSO transactions. For more information, see .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Report types] and .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Report event information]. |
Ticket ID | Issue |
---|---|
SSD-10353 |
Fixed an issue where access to the PingOne admin portal generated an error when the PingOne authentication policy applied multi-factor authentication for SSO to the admin portal. |
SSD-10402 |
Fixed an issue that occurred while adding a new SAML application. The signing certificate selected during the configuration process was not being used for the signing certificate download link displayed on the summary page at the end of the configuration process. Instead, the download link used the default signing certificate. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
December, 2018
Feature | Description |
---|---|
OpenID Connect custom scopes |
We’ve added OAuth configuration settings for OpenID Connect applications to enable you to define custom scopes or to modify existing scopes with custom or standard claims. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Configure the access token]. |
PingOne redirect URI |
We’ve updated the PingOne redirect URI to include a verification code unique to your account. The redirect URI used by your OpenID Connect provider for PingOne must include the verification code for SSO to be successful. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Connect to OpenID Connect]. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
November, 2018
Feature | Description |
---|---|
OpenID Connect query parameters |
We’ve updated the OpenID Connect repository configuration to enable you to specify additional query parameters for the authentication request PingOne sends to the OpenID Connect provider. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Connect to OpenID Connect]. |
PingOne dock and SSO session lifetimes |
We’ve updated the PingOne dock to use the same session lifetime as the SSO session. The PingOne dock and SSO session can now be set to as low as 15 minutes. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Configure the dock when using an identity bridge]. |
Turkish language support |
We’ve updated the PingOne user interface to include support for Turkish. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[PingOne language support]. |
Ticket ID | Issue |
---|---|
SSD-9795 |
Fixed an issue where users who are members of a large number of groups were unable to use SafeNet for multi-factor authentication. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
October, 2018
Feature | Description |
---|---|
include::partial$p14e_p1refs_github.adoc[tags=Github]provisioner |
We’ve a new provisioner for Github applications. This provisioner includes:
|
Administrative auditing (reports and subscriptions) |
Administrative auditing is now available PingOne for Enterprise, PingID and PingOne SSO for SaaS Apps. You can utilize the administrative audit events through both the Reports and the Subscriptions facilities . |
PKCE support for OpenID Connect (OIDC) |
We’ve added support for Proof Key for Code Exchange (PKCE) to secure OIDC clients that cannot or choose not to use a client secret. We have therefore relaxed the requirement that a client secret must be specified when configuring an OIDC application with the authorization code flow. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Integrate an OIDC application, PKCE parameters] For more information, see .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Integrate an OIDC application, PKCE parameters]. |
SLO for OIDC identity providers |
We’ve added single logout (SLO) support for PingOne for Enterprise OIDC identity providers (IdPs). You can specify the end-session URL through the well-known metadata of the OpenID Connect provider (end_session_endpoint), or when you configure the PingOne connection for the OIDC IdP. When SLO is triggered, PingOne redirects the user logout process to the end-session URL for the OIDC IdP. |
Automatic IdP Discovery |
We’ve added automatic IdP discovery for all PingOne for Enterprise managed applications (applications managed by your account, rather than a service provider). For these applications, we no longer require that you specify the idpid for SP-initiated (SAML) requests or OIDC authorization requests. |
SAML assertion available in reports |
For SAML applications, we’ve added an enhancement to reports for you to display the SAML assertion for a failed SSO audit event included in a report. You can click on the failure code to display a popup containing the SAML assertion. |
PingOne directory enhancements |
We’ve added features to PingOne directory allowing you to:
|
include::partial$p14e_p1refs_faw.adoc[tags=faw]provisioner |
We’ve updated the provisioner for Workplace by Facebook applications. This provisioner includes:
|
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
Github provisioner |
The following limitations apply:
|
Workplace by Facebook provisioner |
The following limitations apply:
|
September, 2018
Feature | Description |
---|---|
PKCE support for OpenID Connect (OIDC) |
We’ve added support for Proof Key for Code Exchange (PKCE) to secure OIDC clients that cannot or choose not to use a client secret. We have therefore relaxed the requirement that a client secret must be specified when configuring an OIDC application with the authorization code flow. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Integrate an OIDC application, PKCE parameters] For more information, see .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Integrate an OIDC application, PKCE parameters]. |
SLO for OIDC identity providers |
We’ve added single logout (SLO) support for PingOne for Enterprise OIDC identity providers (IdPs). You can specify the end-session URL through the well-known metadata of the OpenID Connect provider (end_session_endpoint), or when you configure the PingOne connection for the OIDC IdP. When SLO is triggered, PingOne redirects the user logout process to the end-session URL for the OIDC IdP. |
Automatic IdP Discovery |
We’ve added automatic IdP discovery for all PingOne for Enterprise managed applications (applications managed by your account, rather than a service provider). For these applications, we no longer require that you specify the idpid for SP-initiated (SAML) requests or OIDC authorization requests. |
PingOne directory enhancements |
We’ve added features to PingOne directory allowing you to:
|
include::partial$p14e_p1refs_faw.adoc[tags=faw]provisioner |
We’ve updated the provisioner for Workplace by Facebook applications. This provisioner includes:
|
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
Workplace by Facebook provisioner |
The following limitations apply:
|
August, 2018
Feature | Description |
---|---|
Users by Service |
We’ve added support for first and last name values for provisioned users on the Users → Users By Service page. |
PingOne directory user registrations |
We’ve added the ability for you to specify a reply-to email address for user registrations on the Setup → Directory → Registration page. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
July, 2018
Feature | Description |
---|---|
OpenID Connect applications |
PingOne for Enterprise and PingOne SSO for SaaS Apps now support the OpenID Connect (OIDC) protocol for application integration using code, implicit or hybrid flows. You can customize access tokens for your account or per application. Client authentication is done using client secrets. For PingOne for Enterprise, you can make PingOne OIDC applications available on the PingOne dock. The applications are also selectable in access and authentication policies. |
Updated provisioner for Evernote® |
We have updated the provisioner for Evernote applications. The update includes: * Support for user attributes: Display Name and External ID. * Support for the Evernote SCIM 2.0 API. * Removed support for hard delete (feature deprecated by Evernote). * Removed support for reactivating a disabled user (feature deprecated by Evernote). See Known Issues and Limitations for important information. |
Updated SCIM SaaS provisioner |
We have updated the provisioner for SCIM SaaS applications. The updates include: * Fixed issue where SCIM v2 requests included SCIM v1.1 schema URN’s. * Fixed issue where the NO_CONTENT HTTP response code was not being handled. * Fixed issue where the SERVER_ERROR HTTP response code was not being handled. * Fixed issue where the user’s active status was not updated correctly on update requests. * Fixed issue where SCIM v2 error descriptions were not logged correctly. * Fixed issue where an empty return body on a user PUT operation caused a JSON parsing exception. See Known Issues and Limitations for important information. |
New provisioner for Lucidchart® |
We have added a new provisioner for the Lucidchart applications. This provisioner includes: * Support for user provisioning. * Support for these user attributes: Username, Display Name, Email, External ID, First Name, Last Name and Roles. See Known Issues and Limitations for important information. |
Updated provisioner for Office 365™ |
We have updated the provisioner for Office 365 applications. The update includes: * Support for hard-deleting users. See Known Issues and Limitations for important information. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
Evernote provisioner |
The following limitations apply: * Clearing fields on updates is not supported. * Provisioning disabled users from an LDAP user repository to Evernote is not supported. * Due to Evernote API limitations, a deactivated user cannot be reactivated using SCIM. * Due to Evernote API limitations, new users cannot be created with the same username as a previously deactivated user. |
SCIM SaaS provisioner |
The following limitations apply: * Clearing fields on updates is not supported. * Outbound Group Provisioning and Memberships is not supported. * Patch updates to SCIM-enabled target applications are not supported. * There is a limit of one value per type (such as, home, work, other) for multivalue attributes (email, phone, address). * Unexpected behavior may occur if the SaaS application does not specify either type and primary information, or both type and primary information for multivalue attributes (email, phone, address). Also, existing attributes on the application may not be removed during an update, and the desired value may not be correctly set as primary. * SCIM-compliant service providers may implement or interpret the SCIM standards differently. This can result in behaviour that is not consistent with the intended use of the SCIM SaaS provisioner. |
Lucidchart provisioner |
The following limitations apply: * Clearing fields on updates is not supported. * Due to Lucidchart API limitations, there will be a performance impact to creating users when mapping External ID or Roles. Both External ID and Role may fail to be added to a user on the initial create. If this happens, an error will be logged and the update to External ID and Roles will be retried up to three times. * Due to Lucidchart API limitations, attempting to update a user immediately after creating them may result in user not found exceptions. This is due to a delay in Lucidchart between creating a user and being able to modify the user. Failed attempts to update the user will be re-attempted up to three times. |
Office 365 provisioner |
The following limitations apply: * Opting out of license management for users is not supported. The provisioner will clear existing licenses even when the attribute is unmapped. * Updating the mobile attribute requires that the service principal representing the provisioner (where the user gets the client key and secret) be assigned a role with Company Administrator privileges (using Powershell). See this KB article for more information. * Updating the Password attribute is not supported. * User updates containing a manager that has not yet been provisioned or updated by the new version will fail, because the manager will not have the new extended attribute holding their distinguished name from Active Directory. * If the DoBase64Conversion field is switched to “false”, expect conflicts or failures on federated domains containing pre-existing users provisioned by dirsync or V1.0. * Only outbound provisioning is supported. * Group provisioning is not supported. * Automatic licensing of users is not supported. |
June, 2018
Feature | Description |
---|---|
New provisioner for Zscaler® |
We have added a new provisioner for the Zscaler applications. This provisioner includes: * Support for user provisioning. * Support for these user attributes: Username, Display Name, Department, Email, External ID, First Name and Last Name. See Known Issues and Limitations for important information. |
Audit subscriptions |
We have added UI for you to configure subscriptions to audit events. You can now display a list of your audit subscriptions, create new Push or Poll subscriptions, and edit or delete existing subscriptions. See Reports and subscriptions for more information. |
Service provider SAML encryption |
We have added an option for you to configure encryption of the assertion in the outbound SAML response sent from PingOne to the service provider (SP). This functionality is available only for non-multiplexed SAML applications. You can assign the encryption algorithm to use. You can also upload your own certificate to use for encryption. NOTE: For enhanced security we will sign the SAML response rather than the assertion in the SAML response when encryption is enabled. See Add and configure a new SAML applicationfor more information. |
Service provider SAML encryption |
We have added an option for you to configure encryption of the assertion in the outbound SAML response sent from PingOne for an application. You can assign the encryption algorithm to use. You can also upload your own certificate to use for encryption. NOTE: For enhanced security we will sign the SAML response rather than the assertion in the SAML response when encryption is enabled. See Add or update a SAML-enabled application for more information. |
Updated navigation design |
We have updated the design of the top-level navigation for the PingOne admin portal. There is no functional or behavioural impact. This is solely a style change. |
Ticket ID | Issue |
---|---|
SSD-8111 |
Fixed an issue where the Target Resource URL was limited to 128 characters. |
SSD-8413 |
Fixed an issue where changing the PingOne for Enterprise Target Resource URL for an application supplied by a service provider (SP) to the same Target Resource value as set by the SP resulted in the setting change failing. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
Zscaler provisioner |
The following limitations apply: * Clearing fields on updates is not supported. * Due to a Zscaler limitation, a user’s username cannot be updated. * Deleting the administrative user that is set up for provisioning may lead to undesired consequences. The provisioner makes the administrative user the owner and member of each group that is created by the provisioner. We recommend that this administrative user is not managed through the provisioner and is not deleted. |
May, 2018
Feature | Description | ||
---|---|---|---|
ServiceNow provisioner (Kingston, Jakarta, Istanbul) |
We’ve added new capabilities for the ServiceNow applications:
See Known Issues and Limitations for important information. This is a new ServiceNow provisioner. We’ve rebranded the existing provisioner from ServiceNow to "ServiceNow (Fuji)". |
||
Box provisioner |
We’ve added new capabilities for the Box applications:
See Known Issues and Limitations for important information.
|
Ticket ID | Issue |
---|---|
SSD-7486 |
Fixed an issue when adding a new SAML application where changes to the signing algorithm were not being retained after saving the changes. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
ServiceNow provisioner (Kingston, Jakarta, Istanbul) |
The following limitations apply:
|
Box provisioner |
The following limitations apply:
|
April, 2018
Feature | Description |
---|---|
OpenID Connect identity repository |
We’ve added support for OpenID Connect identity repositories. You can now authenticate users through any OpenID provider. See Connect to OpenID Connect for more information. |
Force MFA option |
If you have an authentication policy in place for your PingOne account, when you add an application to PingOne, you now have the option to require that each time a user accesses the application, they must use multi-factor authentication (MFA). |
New attribute mapping settings |
When you add an application to PingOne and use advanced attribute mapping to map your identity provider attributes to service provider attributes, you will now find settings for |
Ticket ID | Issue |
---|---|
SSD-6937 |
Fixed an issue where the signing algorithm for a non-multiplexed application wasn’t updating the signing algorithm for the connection. |
SSD-6763 |
Fixed an issue where administrative SSO to the PingOne admin portal for newly assigned administrators was failing when multi-factor authentication (MFA) for the admin portal was required in the authentication policy. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
March, 2018
Ticket ID | Issue |
---|---|
SSD-6751 |
Fixed an issue where the |
SSD-6627 |
Fixed an issue where Basic SSO apps were being counted towards the application limit even though the setting to allow Basic SSO was disabled (the default). |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
January - February, 2018
Feature | Description |
---|---|
include::partial$p14e_p1refs_faw.adoc[tags=faw]provisioner |
We’ve updated the Workplace by Facebook provisioner to add support for additional user attributes. See Known Issues and Limitations for important information. NOTE: If you’ve been using the Workplace by Facebook application (formerly known as Facebook at Work), you will need to edit the application by clicking through to the last page and saving the application. You will then be able to take advantage of the new provisioner features. |
Ticket ID | Issue |
---|---|
SSD-6604 |
Fixed an issue where you were unable to edit or delete duplicate groups. |
SSD-6599 |
Fixed an issue where the PingOne was using the NA region authenticator for multi-factor authentication, rather than the proper regional authenticator for the PingOne account. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
Workplace by Facebook provisioner |
The following limitations apply:
|
December, 2017
Feature | Description | ||
---|---|---|---|
Multi-factor authentication for the PingOne admin portal |
We’ve added a feature on the Authentication Policy page in the admin portal to enable and require PingID multi-factor authentication (MFA) for PingOne administrators who access the PingOne admin portal. Included is an option to specify an administrator who can access the admin portal without requiring MFA. See SSO to the PingOne for Enterprise admin portal with multi-factor authentication for more information. |
||
SAML signature signing algorithm for SSO |
We’ve added the ability for you to configure the signature signing algorithm for all authentication requests, assertion signing and single logout (SLO) between PingOne and SAML identity providers and between PingOne and SAML service providers. PingOne will continue to support the SHA-1 algorithm, but now allows you to select SHA-256, SHA-384 and SHA-512. New SAML connections default to SHA-256. See Connect to PingFederate for more information.
|
||
SAML signature signing algorithm |
We’ve added the ability for you to configure the signature signing algorithm for all assertion signing to PingOne. PingOne will continue to support the SHA-1 algorithm, but now allows you to select SHA-256, SHA-384 and SHA-512. New SAML connections default to SHA-256. See Adding or updating a SAML-enabled application for more information. |
||
Session revocation for PingOne directory |
We’ve implemented a session revocation service for the PingOne directory workflows: user deletion, user disablement and password reset. When you perform these workflows for a PingOne Directory user, the session revocation service will now terminate the PingOne session associated with that user and prevent them from performing new SSO requests through PingOne. See Delete directory users for a description. NOTE: The session revocation service does not perform SLO to SaaS applications that the user may have in an active session. |
||
PingFederate summary information |
We’ve added configuration summary information on the Identity Repository Settings page for identity repositories using PingFederate 8.0 or greater. |
||
New provisioner for Jive® |
We’ve added a new provisioner for Jive applications. This provisioner includes:
See Known Issues and Limitations for important information. |
Feature | Description |
---|---|
Basic SSO and the browser extension |
Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed. |
Subject | Issue/Limitation |
---|---|
Jive provisioner |
The following limitations apply:
|
October, 2017
Feature | Description |
---|---|
include::partial$p14e_p1refs_slack.adoc[tags=Slack]provisioner |
We’ve have added support for additional user attributes. See Known issues and limitations for important information. NOTE: Existing customers must edit their existing Slack application, click through to the end page and save to take advantage of the new features |
SCIM SaaS provisioner |
We’ve added a new provisioner for SCIM SaaS applications. This provisioner includes:
See Known issues and limitations for important information. |
Ping IDaaS Directory provisioner |
We’ve added a new provisioner for Ping IDaaS Directory. See Known issues and limitations for important information. |
Ticket ID | Issue |
---|---|
SSD-6063 |
Fixed an issue where you were unable to preview the PingOne dock. |
SSD-5879 |
Fixed an issue where the number of connections displayed on the My Applications page for applications was incorrect when an application was disabled. |
SSD-3780 |
Fixed an issue where no warning or confirmation prompt was displayed when saving an Attribute Policy that had no associated connection. |
SSD-3838 |
Fixed an issue where the dropdown list on the search bar automatically displayed when opening the PingOne dock using include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]10. |
SSD-3838 |
Fixed an issue when using include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]and clicking the search bar, where an application description wasn’t being displayed after clicking the down arrow. |
. Known issues and limitations
Subject | Issue/Limitation |
---|---|
Slack provisioner |
|
SCIM SaaS provisioner |
|
Ping IDaaS Directory provisioner |
|
Multiplexing and manual connections |
When configuring a manual connection to an application, currently it is possible to select for multiplexing not to be used for non-SAML applications. Multiplexing is used for all non-SAML applications. |
September, 2017
Feature | Description |
---|---|
Deleting a customer account |
We’ve added a confirmation dialog box when you choose to delete a customer account. (SSD-5867) |
Ticket ID | Issue |
---|---|
SSD-5735 |
Fixed an issue where changing the application category for a PingOne for Enterprise managed application did not update the application category on the PingOne dock. |
SSD-5603, 5604 |
Updated Ping logo, icon and favicon. |
August, 2017
Feature | Description |
---|---|
include::partial$p14e_p1refs_msedge.adoc[tags=MsEdge]support |
You can now use the Microsoft Edge browser (minimum EdgeHTML version: 15.15063) with the PingOne dock and the PingOne browser extension. |
PingOne directory |
We’ve expanded the |
PingID Standalone upgrade supported |
Customers with an existing PingID Standalone account can now upgrade to a PingOne for Enterprise account (SSD-5464). |
Ticket ID | Issue |
---|---|
SSD-5536 |
Fixed an issue where the legacy UI was being displayed for Service User administrators. |
SSD-5297, SSD-3839 |
(PingOne directory) Fixed an issue where the UI wasn’t operating as expected when entering email addresses to share a certificate (Setup → Certificates, expand the details for a certificate and click Share). |
SSD-5345 |
Fixed an issue where the dropdown lists for setting attribute mappings in the Dock → Configuration page wasn’t being displayed. |
SSD-5633 |
Fixed an issue when configuring a new custom SAML application where the list of attributes available for attribute mapping wasn’t loading properly until you saved and refreshed the page. |
July, 2017
Feature | Description |
---|---|
Administrators page |
We’ve redesigned the Account → Administrators page for clarity and ease of use. |
Users By Service Bypass option |
We’ve removed the Unlimited Time setting for the Bypass option for Users By Service for all administrators except Global Administrators. You must now be a Global Administrator to enable the Bypass option for a user for an unlimited time. (SSD-4983) |
include::partial$p14e_p1refs_msedge.adoc[tags=MsEdge]support |
You can now use the Microsoft Edge browser (version 40) to access the PingOne admin portal. |
Ticket ID | Issue |
---|---|
SSD-5358 |
Fixed an issue on the My Applications page in the admin portal where the Request Ping Identity add a new application to the application catalog selection did not reference the proper URL. |
SSD-5307 |
Fixed an issue when adding a new private SAML application where the setting for the Force Re-authentication option wasn’t being saved correctly. |
BE-2344 |
(Browser extension) Fixed an issue where the locale setting for the browser extension didn’t match the locale setting for the PingOne dock. |
June, 2017
Feature | Description | ||
---|---|---|---|
PingOne universal certificate |
A new PingOne universal certificate is now available. You need to update to the new PingOne universal certificate if you’re using either PingFederate or a Third-Party SAML provider as your identity bridge and your configuration requires either:
See Check whether you need to update the PingOne for Enterprise universal certificate for more instructions. |
||
PingOne encryption certificate |
We now include the PingOne encryption certificate in the PingOne metadata available when you’re configuring a PingFederate or Third-Party SAML identity bridge. We’ve also added the option to separately download the PingOne encryption certificate if you intend to manually configure the IdP settings (rather than using the PingOne metadata). |
||
Custom entity IDs |
When configuring a PingFederate or Third-Party SAML identity bridge, you can now select to enable account-specific entity IDs and specify a custom entity ID for your account. We will validate the ID to ensure that it is unique across all PingOne accounts. |
||
include::pingone_for_enterprise:partial$p14e_p1refs_gapps.adoc[tags=GApps]provisioner |
We’ve updated the Google Apps for Work provisioner as follows:
|
||
include::partial$p14e_p1refs_zendesk.adoc[tags=Zendesk]provisioner |
We’ve updated the Zendesk provisioner as follows:
|
||
PingOne universal certificate |
A new PingOne universal certificate is now available. If you’re using multiplexing, or using manually configured customer connections, you’re using the PingOne universal certificate. In this case, it is imperative that you edit the application configuration to update the PingOne universal certificate. See Update the PingOne SSO for SaaS Apps universal certificate for instructions. |
||
PingOne encryption certificate |
When you’re adding a customer connection manually, we’ve added the option to separately download the PingOne encryption certificate. |
||
IdP discovery |
When you edit a customer connection, you need only specify the domain or domains used for customer email addresses and we will use this information to discover the IdP for the connection. We’ve added the option to set the current connection as the default IdP connection used for all of your applications. We’ve also updated the IdP Discovery popup window to display the application logo and your corporate logo (if you’ve configured this). |
||
Testing application integration |
For security reasons, we’ve disabled connections to the PingOne Test IdP by default. This connection is enabled only when you select to test your application. We also ensure that you can disable the connection when you’re done testing. |
Ticket ID | Issue |
---|---|
SSD-4485 |
Fixed an issue where selecting to use the PingOne universal certificate for a Third-Party SAML identity bridge configuration, then changing to use the PingOne directory as the identity repository, caused the Renewal Certificate to be selected for use rather than the PingOne universal certificate. |
SSD-4450 |
Fixed an issue that resulted in configuration updates not being used during SSO. |
SSD-4298 |
Fixed an issue where the Upload link was being displayed on top of the company logo icon when registering for a new account. |
SSD-3777 |
Fixed an issue where the Signoff button was being displayed after closing the browser tab for an impersonated session, then going to the PingOne admin portal (the impersonated session) from the PingOne dock. |
SSD-3721 |
Fixed an issue on the My Devices page where pressing the Enter key did not correspond to clicking the Save button. |
April-May, 2017
Feature | Description |
---|---|
include::partial$p14e_p1refs_box.adoc[tags=Box]and include::partial$p14e_p1refs_webex.adoc[tags=WebEx]provisioners |
We’ve improved handling of look-up by Secondary ID, for instances when look-up by Primary ID fails to return a user. |
Corporate branding |
We’ve added an Account → Branding page for you to assign branding to be used for your organization’s account. |
Corporate branding |
We’ve removed the Setup → General page and moved the account branding setting to a new Account → Branding page. On this page, you can assign branding to be used for your organization’s account. |
User support message |
The user support message setting that appeared on the (now removed) Setup → General page is displayed as one of the settings on the Setup → Dock page. The user support message is displayed to your users when they click the Need Help? link in the dock. |
Ticket ID | Issue |
---|---|
SSD-4300 |
Fixed an error message that was displaying repeatedly. |
SSD-4659 |
Fixed an error message displayed when attempting to SSO to an application without the appropriate permissions. |
SSD-4671 |
Fixed an issue where Application Catalog icons weren’t being displayed consistently. |
SSD-3167 |
Fixed an issue where Support Admins (Read-Only) were unable to view the Users tab when impersonating an account using PingOne directory as the identity repository. |
SSD-4661 |
Fixed an issue where the QR code wasn’t being displayed when selecting to add a new device in the PingOne dock. |
SSD-4511 |
Removed the (non-editable) corporate logo field from the Account → Company page. The corporate logo assignment is on the Account → Branding page. |
SSD-4687 |
Fixed an issue where selecting "Other" as the country on the Company page resulted in an error. |
SSD-4806 |
Fixed an issue where an error was thrown when mapping an advanced attribute using "As Literal", entering data, then clicking Save before the preview field updated. |
SSD-4844 |
Fixed an issue where the expiry date for the PingOne universal certificate shown after setting up an identity repository was different (by one day) from the expiry date shown in for the certificate in the list on the Setup → Certificates page. |
SSD-4915 |
Fixed an issue on the Company page when the country is France. The dropdown list for State/Province/Region displayed a second entry for "Limousin", rather than an entry for "Lorraine". |
SSD-4425 |
Fixed an issue where the Company ID value was no longer displayed in the PingOne dock. The Company ID value is now displayed on the bottom of the navigation pane in the dock. |
SSD-5064, 5065 |
Fixed an issue where attempting to SSO to the admin portal from the PingOne dock fails when the prior SSO request was from the dock to PingFederate. |
SSD-3773 |
Fixed an issue where a customer password reset was not also triggering the display of the license agreement if the license agreement had been updated. |
BE-2192 |
Fixed an issue where an error wasn’t being displayed when attempting to launch a Basic SSO application in the PingOne dock (without refreshing the page) after the application had been removed from the My Applications list. |
BE-2228 |
Fixed an issue where the PingOne browser extension training wizard wasn’t able to complete for the Cloudpay Community application. |
BE-2228 |
Fixed issues where the PingOne browser extension training wizard wasn’t able to complete for a number of applications. |
BE-2268 |
Fixed an issue where the PingOne browser extension for include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]was affecting the ability to load intranet sites. |
March, 2017
Feature | Description |
---|---|
Directory settings permissions |
We’ve expanded Identity Repository administrators permissions to include access to view and modify the directory settings when the identity repository is PingOne directory. |
API Provisioning |
From March 4th 2017 Salesforce is no longer supporting TLS 1.0 protocol. PingOne has been updated to support OAuth for Provisioning communication to accommodate this change. See How to Migrate the Salesforce Provisioner for instructions. JIT Provisioning (just-in-time) is not impacted by this change. |
Ticket ID | Issue |
---|---|
SSD-3822 |
Fixed an error message displayed when uploading an IdP metadata file that is missing necessary information for SP-initiated SSO. |
SSD-3695 |
Fixed an issue where the phone number wasn’t being passed to the authentication provider (PingID). |
February, 2017
Feature | Description |
---|---|
PingOne reporting |
We’ve added a new SSO summary report to the list of predefined reports included in the PingOne admin portal reporting. This report shows the number of unique users that are actively using PingOne, and which applications they are logging in to. It also shows the total number of SSO events for each application. |
Password change |
We’ve enhanced security to ensure that if a user fails to enter the correct password three times when changing their password on the User Profile page, they are automatically logged out. |
Salesforce provisioner |
We’ve updated the Salesforce provisioner with the following changes and enhancements:
|
Ticket ID | Issue |
---|---|
SSD-4473 |
Fixed an issue that was preventing an MSP administrator from impersonating an account to which only disabled administrators has access. |
BE-2130 |
Fixed an issue that was preventing the browser extension welcome message from displaying correctly in some browsers. |
SSD-4316 |
Fixed an issue that was prompting a user to activate OAuth when creating a connection for which provisioning was not selected. |
SSD-4289 |
Fixed a security issue with an MSP administrator’s ability to impersonate customer accounts. |
SSD-4282 |
Fixed an issue that was preventing error message popups from closing correctly in the PingOne admin portal. |
BE-2080/BE-1940 |
Fixed an issue that was preventing characters from displaying correctly when training an app, if the language is not English. |
IO-2027 |
We’ve improved the handling of different letter case logins and aliases for the Box provisioner. |
IO-2243 |
Fixed an issue with the Microsoft Office 365 provisioner that was causing an error when trying to retrieve a user during provisioning. |
IO-2242 |
Fixed an issue with the WebEx provisioner’s handling of the timezones not listed in WebEx’s timezone encoding list. |
Subject | Issue/Limitation |
---|---|
Salesforce provisioner |
|
January, 2017
Feature | Description |
---|---|
Certificate Management |
PingOne will now inform you if a verification certificate that has been configured on a connection is invalid when the connection is being edited. |
Reporting |
We’ve added the ability to navigate back to the Users by Service page if you clicked on the Latest Activity link for a user on the Users by Service page. |
Ticket ID | Issue |
---|---|
SSD-4040 |
Fixed an issue when filtering dashboard metrics, where filtering by "today" would return 0 results. Also fixed an issue with the mouse over popup on chart data that spanned a DST boundary where the time reported was offset by +1/-1 hour. |
SSD-4064 |
Fixed an issue where viewing latest activity for a user on the Users by Service page was redirecting to the old report logging UI. |
SSD-4144 |
Fixed an issue that was preventing the first and last name from being displayed in the PingOne dock when using PingOne directory. |
SSD-4116 |
Fixed an issue that was preventing an administrator from accessing report entries if they occurred in a timezone and at a time that was considered the next day for the local timezone. Administrators can now select up to one day in the future for the end date of a report filter. |
SSD-4071 |
Fixed an issue that was preventing the propagation of SLO settings changed on an application in a PingOne for SaaS Apps account from being applied to all connections to that application. |
SSD-4078 |
Fixed an issue that was limiting the value that can be entered in each field on the Password Policy page to three digit numbers (i.e. a maximum value of 999). This limit is now removed. |
SSD-4037 |
Fixed an issue that was not clearing the filter criteria from the previous report, when running a predefined report in the Reporting tab. |
SSD-3718 |
The dropdown box used to select fields when running a report has been fixed so that it now displays field names alphabetically. |
SSD-3794/SSD-3784 |
Fixed an issue when impersonating an account via the PingOne dock that was causing the navigation window to resize incorrectly. |
ID-5209 |
Fixed an issue that was marking the SAML_SUBJECT as an optional field when creating an application connection, rather than mandatory. |
BE-2050 |
The browser extension can now handle language-based variations of the Eventzilla URL. |
BE-1943 |
Fixed an issue that was preventing the browser extension from detecting the Password and Sign In button for the Office 365 app. |
BE-1883 |
Fixed an issue displaying French language text when signing on to the browser extension. |
BE-2003/BE-2005/BE-1995 |
Fixed an issue that was preventing the browser extension from loading correctly after changing the privacy key on a different browser or machine. |
December, 2016: Minor Release
Feature | Description |
---|---|
PingOne admin portal |
We’ve made the following enhancements to the PingOne admin portal:
|
Application catalog |
We’ve added support for the StartMeeting cloud application. |
Reporting |
The report log has been updated and enhanced.
|
Ticket ID | Issue |
---|---|
BE-2003/BE-1995 |
Fixed an issue that was preventing the browser extension from loading correctly after changing the privacy key on a different browser or machine. |
BE-1994 |
Fixed an issue that was preventing the sign in popup from being displayed in the PingOne dock following a browser refresh. |
SSD-3630 |
Fixed an issue that was preventing the system from saving the correct value for the Account Specific Entity ID field and the Sign AuthRequest field when uploading metadata for a third party SAML identity repository configuration. |
ID-5966 |
Fixed an issue when checking whether the Entity ID is unique during identity repository configuration. |
ID-6344 |
Fixed an issue that was categorizing identity provider connections associated with a signing certificate incorrectly. |
SSD-3572 |
Fixed an issue that was preventing the removal of the Identity Bridge Logout URL value assigned in PingOne. |
SSD-3543 |
Fixed an issue where during configuration of an Invited PingOne SSO account, attempting to download a metadata file or a signing certificate generated an error. |
November, 2016: Minor Release
Feature | Description |
---|---|
Administrator capabilities |
A global or support administrator impersonating a customer account can now delete the last administrator on the account. |
PingOne admin portal |
We’ve added the ability for a Managed Service Provider (MSP) to delete a custom email template in the PingOne admin portal. |
PingOne admin portal |
We’ve reduced the idle timeout for an admin session to 15 minutes. We’ve added the ability for a Managed Service Provider (MSP) to delete a custom email template in the PingOne admin portal. |
Certificate Management |
We’ve made the following enhancements:
|
Workplace by Facebook™ |
We’ve renamed this feature (formerly known as Facebook at Work), and removed the suppressEmail attribute. |
Box Provisioner |
We’ve added support for updating user emails in Box Provisioner. NOTE: Existing customers must remove their existing Box applications and then add the application connection to take advantage of the new feature. |
Ticket ID | Issue |
---|---|
SSD-3501 |
Fixed an issue that was preventing a customer from creating an account when receiving an email invitation from a Managed Service Provider (MSP) administrator in PingOne. |
SSD-3497/SSD-3394 |
Fixed an issue that was preventing the use of "?" and "/" characters in advanced attribute mapping. |
SSD-3480 |
Fixed an issue that was preventing the validation error message from appearing when importing invalid metadata into the PingOne. |
SSD-3464 |
Fixed an issue that was causing an exception error when trying to save an application with an invalid ACS URL in PingOne. |
SSD-3441 |
Fixed an issue that was displaying the administrator role incorrectly when sending an invitation to a new administrator to become the administrator of an existing PingOne account. |
ID-5882 |
Fixed an issue that was causing PingOne to automatically insert default values into optional attribute mapping fields that were purposefully left blank. |
BE-1892 |
Fixed issues with the following apps, and enabled them in the Application Catalog:
|
ID-6039 |
We’ve hidden the ability to add primary and secondary verification certificates when creating an SAML 1.1 application connection, as verification certificates are not supported in SAML v1.1. |
ID-6266 |
Fixed an issue that was preventing a newly created certificate from appearing in the Certificate List when using Internet Explorer v10 and v11. |
ID-5714 |
The Single Logout Endpoint, Single Logout Response Endpoint, and Single Logout Binding Type fields have been removed from SAML v1.1 managed applications. SAML v1.1 does not support Single Logout Endpoints. |
SSD-3421 |
Fixed an issue that was causing the admin account to be locked, if resetting a password in the PingOne admin portal using a password that does not meet the PingOne directory policy. |
SSD-3418 |
Fixed an issue when resetting a password from the PingOne admin portal. |
SSD-3294 |
Fixed an issue when loading content from PingOne admin portal using Internet Explorer 10. |
October, 2016: Minor Release
Feature | Description |
---|---|
Certificate management |
We’ve now added email notifications to inform you when the primary verification certificate or secondary verification certificate associated with a conniction or identity bridge is expiring. Email notifications are sent two months before expiry, a week before expiry, and at the time of expiry. |
Admin roles |
We’ve renamed the Directory Administrator role to Identity Repository Administrator, for clarity. The Identity Repository Administrator refers to an administrator who is responsible for the identity repository, regardless of whether it is PingFederate, AD Connect, a Third Party repository, or PingOne Directory. |
Dashboard |
We’ve enhanced the layout of data in the graphs displayed on the dashboard. |
MSP administrator |
We’ve enhanced the Managed Service Provider (MSP) admin account capabilities. Now if an MSP account owns a PingOne SSO for SaaS Apps account and invites a customer or partner to create a connection to an application under that PingOne SSO for SaaS Apps account by registering an "Invited PingOne SSO" account, the Invited PingOne SSO account is now listed in the MSP’s customer list page. |
PingOne user accounts |
For any new identity provider that you set up, the lifetime of any user session is now set to 2 hours by default. You can change the duration from PingOne, if you need to do so. |
Attribute mapping |
We’ve added the phone number attribute to the list of dock attribute mapping options for PingFederate, AD Connect, and third party SAML identity repositories. |
Ticket ID | Issue |
---|---|
SSD-3356 |
Restored the setting application logos on applications created in PingOne SSO for SaaS Apps accounts, as they were being removed incorrectly. The logos were removed when this capability was removed for PingOne for Enterprise when using the new PingOne for Enterprisedock. |
BE-1812 |
Fixed an issue that was preventing the Go to PingOneand Sign Offbuttons from showing in the browser extension. |
ID-5976 |
Fixed an error handling issue on the PingOne for Enterprise password reset page. |
ID-5993 |
Fixed an issue that was preventing users changing the default signing certificate assigned to their managed application. |
ID-6171 |
Fixed an issue with the delete certificate feature. |
SSD-3288 |
Fixed an issue that was preventing a user from entering an email address that includes the '+' character, when inviting a customer from a Managed Service Provider (MSP) account in PingOne for Enterprise. |
SSD-3331 |
Fixed an error displayed when adding Google Drive as a Basic SSO application in PingOne for Enterprise. |
SSD-3259 |
Implemented a fix to make transaction processing more resilient to service configuration problems. |
SSD-3169 |
Fixed a security issue with MSP Support Admin (read-only) roles. |
SSD-3108 |
Fixed an issue updating login failures on the dashboard. |
September, 2016: Minor Release
Feature | Description |
---|---|
Admin log reporting |
We’ve added a new Administrator Login category to the reports log. The new report shows all login attempts by a PingOne administrator, the method of login used (username and password, or SSO) and whether the login attempt was successful. |
SSO to PingOne Admin portal |
We’ve added the ability for administrators having Identity Repository administrator or SaaS administrator roles to SSO directly to the PingOne admin portal. In previous versions this was only available for the Global administrator and the Service User administrator roles. This option is only available when using PingFederate, AD Connect, or Third Party SAML as your identity repository. |
PingOne API |
We’ve added support for PKCS7 formatted certificates. |
Certificate Management |
We’ve reorganized the layout of the connections that are listed in the certificate Connections tab. Connections are now listed by category (identity bridge or application). Identity bridge connections are listed by type (such as PingFederate, or Third Party SAML). The applications header shows the number of application connections associated with the certificate. . |
Ticket ID | Issue |
---|---|
SSD-3020 |
Verification certificate tool tip text updated. |
SSD-3129 |
Fixed an issue that was permitting users to upload expired or invalid certificates for third party SAML Identity Providers. |
SSD-3112 |
Fixed an issue when accessing the attribute mapping page for a SAML 2.0 connection. When exiting the page and then uploading metadata with a different attribute set, the attributes were not being updated correctly. |
SSD-3161 |
Fixed an issue with caching when trying to SSO with an account that was suspended and then re-enabled. |
SSD-3168 |
Fixed a security issue with Managed Service Provider (MSP) admin capabilities in PingOne. |
August 30, 2016: Minor Release
Feature | Description |
---|---|
Certificate management |
Certificates that do not have a CN defined, now show the first 20 characters of the Subject DN as the certificate name. Performance enhancements were applied to the Certificate Management page. Certificate expiry dates are now displayed in a 4 digit format. |
Ticket ID | Issue |
---|---|
ID-5718 |
Fixed an issue when adding SAML v1.1 applications from the application catalog, where certificate management was not being supported. |
ID-5717 |
Fixed an issue that was preventing a user from being able to add a multiplexed SAML app from the Application Catalog. |
ID-5679 |
Fixed an issue with the appearance of the Select Imagebutton for the Application logo and icon. The appearance is now sized correctly and consistently in the UI. |
ID-5671 |
Fixed a issue when clicking the Active Downloadlink in Safari, that was causing it to be displayed, rather than downloaded. |
ID-5846 |
Fixed a bug that was causing an infinite loop when attempting to access the Devices page before completing first factor authentication using PingOne. |
SSD-3136 |
The option to define an application logo has been removed when creating or editing an application connection for users that have upgraded to the new dock. The option remains for users that are using legacy dock. |
SSD-2993 SSD-3121 |
Fixed a bug when uploading metadata that included mappings that were already in the connection, and was causing these mappings to be lost. |
SSD-3036 |
Fixed an issue that was causing an exception when loading the Certificate Management page if invalid certificates were present. |
SSD-3017 |
Fixed a bug where binary certificates that were uploaded were not saved correctly. |
August 9, 2016: Minor Release
Feature | Description |
---|---|
My Applications search |
We’ve enhanced the ability to search the My Applications list. You can now search by the:
In previous versions it was only possible to search by the application name. |
PingOne certificate management |
We’ve added the ability to view the SHA1 and SHA256 fingerprint in the certificate Properties tab. |
PingOne passwords |
When changing the administrator password in the PingOne admin portal, the administrator is now required to enter their current password, as well as their new password. If the administrator enters the wrong password three times, the account is temporarily locked. |
Ticket ID | Issue |
---|---|
ID-5685 |
Fixed a broken link in the Invite IdP page. |
ID-5549 |
Properties and connections associated with a verification certificate are now displayed in separate tabs. This matches the way this information is presented for signing certificates. |
ID-4585 |
Fixed an issue that was preventing the secondary instance of a certificate from being deleted when replacing a primary certificate with a secondary certificate. |
ID-5428 |
When configuring a managed connection, the text for the Application Icon has been changed to 'For use on the dock'. As the Application Logo is not used on the new PingOne dock, the text for this field has been changed to 'For use on the previous version of the dock'. |
BE-1642 |
Fixed an issue that was making the browser extension unresponsive when clicking the username and then clicking Learn when training an app. |
BE-1601 |
Fixed an issue when training an app that was causing a loop when clicking the Login button. |
ID-5712 |
Fixed an issue when editing an application that was preventing changes to the SLO or SLO Response Endpoint from being saved. |
ID-5689 |
Fixed an issue in the Certificate Management page that was preventing the Download and Export buttons from working in some browsers. |
ID-5691 |
Fixed an issue on the Certificate Management page where applications sharing a connection (a multiplexed connection) were being displayed as disabled. |
July 19, 2016: Minor Release
Feature | Description |
---|---|
Certificate management |
We’ve added a new centralized certificate management UI. The new UI enables you to:
See Overview of signing and verification certificates for more information. |
Additional language support for end user components |
The following languages are now supported for all PingOne user subsystems (PingOne dock, transaction processing, browser extension, and authentication): Chinese, Dutch, English, French, German, Italian, Japanese, Korean, Portuguese, Russian, Spanish, and Thai. |
Ticket ID | Issue |
---|---|
ID-5544 |
Fixed an issue where the PingOne signing certificate wasn’t showing up in the list of results when typing "Ping" in the certificate search field. |
ID-5502 |
Fixed an issue when setting up a connection to an application, that meant the PingOne default certificate was always selected even when a different signing certificate was chosen. |
ID-5481 |
Fixed an issue that caused the PingOne provided signing certificate to be downloaded for an application connection, even if a different singing certificate was selected for the connection. |
ID-5486 |
Renamed the Connection Summary "Certificate" label to "Signing Certificate". |
ID-5485 |
Fixed an issue when promoting a secondary verification certificate to the primary verification certificate. The instance of the secondary verification certificate wasn’t being automatically deleted. |
ID-5482 |
Fixed an issue that the certificate properties Issuer DN and Expiration Date fields were not updating accordingly when uploading a response to a certificate signing request (CSR). |
ID-5343 |
Fixed an issue importing the PingOne metadata file via a URL when setting up a Third-Party SAML identity bridge. |
ID-5329 |
Fixed an issue that was affecting the proper display of text when verifying AD Connect as an identity bridge. |
BE-1569 |
Fixed an issue for trained apps in PingOne browser extension v2.22.0 that was preventing the browser extension from signing in users automatically. |
ID-5585 |
Fixed a bug that was causing formatting issues in the PingOne dock search. |
ID-5543 |
Change the name of the link used to change an identity repository from "Change User Store Type" to "Change Identity Repository". |
ID-5508 |
Fixed an issue that was preventing some users from editing an application. |
June 28, 2016: Minor Release
Feature | Description |
---|---|
New Application Catalog categories |
We’ve added the following categories to the application catalog: benefits, training, and travel. |
Ticket ID | Issue |
---|---|
ID-5444 |
Fixed an issue when attempting to erase the identity bridge URL, the field was not updating correctly. |
ID-5385 |
Fixed formatting of the applications listed in the application catalog. |
ID-5342 |
Fixed an issue with editing an application, where Chrome and Firefox browsers were auto-populating the first two application configuration fields with autosaved username and password data. |
ID-4503 |
Fixed missing link that enables a user to log back into the admin web portal after they successfully logged out. |
BE-1493 |
Fixed an issue when training a basic SSO app, that caused training to pause when clicking on the Login field. |
ID-5462 |
Fixed an error when setting up a Third Party SAML identity bridge that prevented the list of connection information from being displayed. |
ID-5363 |
Fixed an issue that custom app icons were not being displayed in the My Applications page, unless the entry was expanded. Custom app icons now app in the My Applications page, and when deleting an application. |
ID-5356 |
The browser extension install option now only appears if there is at least one Basic SSO application installed. |
ID-5361 |
Fixed a security vulnerability associated with the application name on the legacy dock. |
ID-5415 |
Fixed a security vulnerability associated with the browser extension. |
SSD-2817 |
Fixed an issue that was causing a mismatch between the total number of logins displayed in the Dashboard maps and the number of logins recorded in the Logins field. |
June 15, 2016: Minor Release
Resolved issues
Ticket ID | Issue |
---|---|
ID-5268 |
Performance enhancements, to address customer issues when performing a search of Users by Service. |
ID-4656 |
Fixed a potential security vulnerability. |
ID-5342 |
Fixed an issue with editing an application, where Chrome and Firefox browsers were auto-populating the first two application configuration fields with autosaved username and password data. |
ID-5334 |
Fixed an issue that was causing an error when adding an application. |
ID-5274 |
Fixed an issue when clicking a Configuration page link it was landing on the Dashboard. |
ID-1671 |
Fixed an issue on the Company Settings page when viewing company description the characters were not displaying correctly. |
ID-5332 |
Fixed and issue that an application which had been updated to show a new icon displayed the old icon when trying to delete the application. |
June 1, 2016: Major Release
Feature | Description |
---|---|
New PingOne dock |
We’ve totally redesigned the PingOne dock:
See Introducing the PingOne for Enterprise dock for more information. |
include::partial$p14e_p1refs_faw.adoc[tags=faw]provisioning |
We’ve updated Facebook at Work provisioning to support provisioning user manager details. See Known Limitations for more information. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Facebook at Work provisioning |
|
May 17, 2016: Minor Release
Enhancements
Feature | Description |
---|---|
include::partial$p14e_p1refs_webex.adoc[tags=WebEx]Provisioning |
We’ve updated WebEx provisioning to support: * Additional user attributes. * WebEx API v10.0 SP3. * Improvements to error handling and logging. See Known Limitations for more information. |
Resolved issues
Ticket ID | Issue |
---|---|
ID-4842 |
Fixed an issue on the PingID Configuration page where choosing to discard changes when attempting to exit this page didn’t exit the page. |
ID-5135 |
Fixed an issue where a new token wasn’t being generated when a PingOne for Enterprise administrator clicked the Invite SaaS Admin link to send an email to the PingOne for SaaS Apps application administrator. |
ID-5128 |
Fixed an issue where some users were not being removed from the PingID service when selecting Remove on the Users by Service page. |
ID-5020 |
Fixed an issue with removing customers from the customers listing. The last customer displayed in the listing wasn’t being removed. |
BE-1300 |
(Browser extension) Fixed an issue causing an include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]installation error (1603) when attempting to install the browser extension. |
Deprecated features
Feature | Description |
---|---|
PingID Standalone account |
The registration option for a PingID Standalone account has been removed. All of the functionality offered by this account is now included in a PingOne for Enterprise account. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
WebEx provisioning |
* The WebEx ID attribute is not updateable in PingOne. * The MeetingType attribute is limited to one value in PingOne (not a multivalued attribute). * Due to API Limitations, WebEx doesn’t allow a user to be created in a suspended state. WebEx will automatically activate the user after it is created. |
April 26, 2016: Minor Release
Resolved issues
Ticket ID | Issue |
---|---|
ID-4842 |
Fixed an issue where a Managed Service Provider (MSP) was unable to log in to an Invited PingOne SSO account as a Directory Admin. |
ID-3881 |
Fixed an issue where downloading the PingOne metadata file for a Third-Party SAML identity bridge wasn’t working properly in Safari. |
ID-5134 |
Fixed an issue where user were unable to add applications to their personal dock. |
SSD-2627 |
Fixed a security issue with an error message. |
BE-1084 |
(Browser extension) Fixed an issue when using include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]version 11 where the browser extension wasn’t capturing and supplying user credentials properly. |
BE-1222 |
(Browser extension) Fixed an issue where Basic SSO wasn’t working properly when using Internet Explorer for some applications not in the Application Catalog. |
BE-1279 |
(Browser extension) Fixed an in Internet Explorer 11 when signing on to a Basic SSO application from the PingOne dock. |
Deprecated features
Feature | Description |
---|---|
PingID Standalone account |
The registration option for a PingID Standalone account has been removed. All of the functionality offered by this account is now included in a PingOne for Enterprise account. |
April 19, 2016: Minor Release
Enhancements
Feature | Description |
---|---|
include::partial$p14e_p1refs_box.adoc[tags=Box]Provisioning |
We’ve updated Box provisioning to support:
See Known Limitations for more information. |
Resolved issues
Ticket ID | Issue |
---|---|
None |
(None to report for this release.) |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Box provisioning |
|
April 5, 2016: Minor Release
Enhancements
Feature | Description |
---|---|
None |
(None to report for this release.) |
Resolved issues
Ticket ID | Issue |
---|---|
None |
(None to report for this release.) |
SSD-2572 |
Added new application categories for Benefits, Training and Travel. |
ID-4819 |
Fixed an issue where an error occurred when you attempted to change your password using AD Connect with the Password Change option enabled and the IWA option disabled. |
ID-4839 |
Fixed an issue where Basic SSO transactions weren’t being logged. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Browser extension installation in Mozilla Firefox® |
After installing the PingOne browser extension in Firefox, you need to refresh the page. Otherwise, the browser extension installation will begin again. Ticket ID: ID-4248. |
March 15, 2016: Minor Release
Enhancements
Feature | Description |
---|---|
None |
(None to report for this release.) |
Resolved issues
Ticket ID | Issue |
---|---|
None |
(None to report for this release.) |
ID-4658 |
Fixed an issue where the number of applications displayed in the Dashboard page didn’t match the number of applications displayed in the My Applications page. |
ID-4650 |
Fixed an issue where provisioning for AD Connect was failing. |
ID-4422 |
Fixed an issue where the PingID settings file had an extraneous escape character. |
BE-1142 |
(Browser extension) Fixed an issue where the PingOne browser extension was interfering with display rendering in include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]version 10 or 11 when using include::partial$p14e_p1refs_oracle.adoc[tags=Oracle]Business Intelligence Enterprise Edition. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Dropbox provisioning |
|
Browser extension installation in Mozilla Firefox® |
After installing the PingOne browser extension in Firefox, you need to refresh the page. Otherwise, the browser extension installation will begin again. Ticket ID: ID-4248. |
February 23, 2016: Minor Release
Enhancements
Feature | Description |
---|---|
include::partial$p14e_p1refs_dropbox.adoc[tags=Dropbox]Provisioning |
We’ve updated Dropbox provisioning to support additional user attributes. See Known Limitations for more information. |
Invited PingOne SSO Accounts |
We’ve add an Administrators page to the PingOne admin portal for Invited PingOne SSO accounts. You can now assign multiple administrators for your account. |
Resolved issues
Ticket ID | Issue |
---|---|
None |
(None to report for this release.) |
SSD-2267 |
Fixed an issue for multi-factor authentication with include::partial$p14e_p1refs_safenet.adoc[tags=SafeNet]where users needed to authenticate a second time when logging in to Safenet. |
ID-4278 |
Fixed an issue in the Reports page display where the Category values was removed whenever the report results were expanded. |
ID-1682 |
Fixed an issue on the User Groups page where the Deprovision all users checkbox wasn’t displayed when you cleared a selected checkbox next to the application name. |
BE-976 |
(Browser extension) Fixed an issue where the Save Learning popup wasn’t displaying properly for include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]version 9. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Dropbox provisioning |
|
Browser extension installation in Mozilla Firefox® |
After installing the PingOne browser extension in Firefox, you need to refresh the page. Otherwise, the browser extension installation will begin again. Ticket ID: ID-4248. |
February 2, 2016: Minor Release
Resolved issues
Ticket ID | Issue |
---|---|
ID-4216 |
Fixed an issue where the Save button wasn’t working in the application credentials dialog box for Basic SSO applications. |
ID-4213 |
Fixed an issue where the step to configure provisioning for a PingFederate identity bridge displayed in the existing tab/window rather than a new tab/window. |
ID-4145 |
Fixed an issue where the browser extension wasn’t automatically signing in after you install your first Basic SSO application. |
ID-3883 |
Fixed an issue where errors weren’t being displayed properly when installing an identity bridge. |
ID-3398 |
Fixed an issue for PingID Standalone accounts, where an extraneous warning was being displayed when clicking the Setup tab. |
ID-3031 |
Fixed an issue where you were unable to upload a JPG image file for your profile picture. |
ID-3030 |
Fixed an issue where invited PingOne directory users were unable to upload a JPG image file for their profile picture during the registration process. |
BE-12 |
(Browser extension) Fixed an issue where the browser extension wasn’t working properly when login fields displayed in an iFrame. |
BE-747 |
(Browser extension) Fixed an issue where sign on for Basic SSO applications wasn’t working properly when the application login required text input. |
BE-623 |
(Browser extension) Fixed an issue where browser extension wasn’t working properly when the PingOne dock tab wasn’t the current tab. |
ID-1656 |
Fixed an issue where the instruction steps for creating or editing an application displayed HTML tags and encoded characters. |
ID-4214 |
Fixed an issue where the SSO endpoint was being truncated. Now extended to 2048 characters. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Browser extension installation in Mozilla Firefox® |
After installing the PingOne browser extension in Firefox, you need to refresh the page. Otherwise, the browser extension installation will begin again. Ticket ID: ID-4248. |
January 26, 2016:
include::partial$p14e_p1refs_faw.adoc[tags=faw]Provisioning
Enhancements
Feature | Description |
---|---|
Facebook at Work Provisioning |
We’ve updated Facebook at Work provisioning to support additional user attributes. |
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Known limitations for this release: |
|
January 19, 2016:
include::pingone_for_enterprise:partial$p14e_p1refs_365.adoc[tags=365]Provisioning
Enhancements
Feature | Description |
---|---|
Office 365 Provisioning |
We’ve updated Office 365 provisioning to support:
|
Known issues and limitations
Subject | Issue/Limitation |
---|---|
Known limitations for this release: |
|
January 12, 2016: Minor Release
Resolved issues
Ticket ID | Issue |
---|---|
ID-3828 |
Fixed a misleading error message. |
ID-3758 |
Fixed an issue regarding lapse of synchronization between PingOne directory administrators and directory users. |
SSD-1956 |
Fixed an issue where meaningful information wasn’t being displayed in the Logout Confirmation screen. |
ID-3904 |
Fixed an issue where some pages were displaying an error saying the domains wasn’t set, when the domain had already been set for the PingOne session. |
ID-3504 |
Fixed an issue where you were unable to remove validation certificates assigned to Third-Party SAML identity bridges. |
ID-1656 |
Fixed an issue where the instruction steps for creating or editing an application displayed HTML tags and encoded characters. |
BE-656 |
(Browser extension) Fixed an issue during adding an application where the prompt to sign in normally for the application site was being displayed a second time after you’d already successfully signed in. |
BE-623 |
(Browser extension) Fixed an issue where the Save popup wasn’t being displayed when adding the include::partial$p14e_p1refs_netflix.adoc[tags=netflix]application in include::pingone_for_enterprise:partial$p14e_p1refs_ie.adoc[tags=IE]10. |