Previous PingOne SSO for SaaS Apps releases
February 2022
Feature | Description |
---|---|
Manual Connection IdPID |
Removed the ability to change the idpid value for an existing manual customer connection. The idpid value acts as the identifier for an IdP connection, and changing it can cause unexpected behavior. If you need to change the idpid value, you can create a new manual connection. For more information, see What is an idpId?. |
October 2021
Feature | Description |
---|---|
SSO/SLO |
Increased the The previous |
September 2021
Feature | Description |
---|---|
Custom Entity ID |
Added the ability to define a custom entity ID for applications that are enabled through PingOne. If a custom entity ID is in use by a non-multiplexed connection, it cannot be changed. For more information, see Add or update other applications. |
SSO Summary Report |
Added a new SSO User Count report type. The SSO User Count report counts the total number of unique users for a customer during the specified period. You can run the report either by customer name or For more information, see PingOne for Enterprise report types. |
Ticket ID | Issue |
---|---|
SSD-16877 |
Fixed an issue that reassigned the signing certificate to the default signing certificate when the |
July 2021
Feature | Description |
---|---|
Customer Connection API |
Added a feature allowing you to delete customer connections and application connections using the customer connection API. For more information, see PingOne SSO for SaaS Apps Customer Connection API. |
Admin Portal Banner |
Added a feature allowing you to display a banner message in the administrative portal. For more information, see Assign branding and design. |
June 2021
Feature | Description |
---|---|
Read-Only Administrative Roles |
Added a feature allowing you to assign user groups to read-only versions of administrative roles. Read-only roles allow administrators to access the areas of the admin portal normally allowed by that role, but not to change settings. For more information, see Configure SSO to the admin portal. |
Verbose Reporting |
Added a feature allowing more detailed reports and subscriptions for partner accounts with OIDC identity providers. For more information, see Creating and administering a partner account. |
May 2021
Feature | Description |
---|---|
Account ID |
Added a feature allowing administrative users to look up their unique account ID. To find your account ID, go to Account → Properties. |
April 2021
Feature | Description |
---|---|
Invited Connection Contact Email |
Added a feature allowing administrators to change the contact email for invited accounts. For more information, see Edit an invited customer connection. |
March 2021
Feature | Description |
---|---|
Customer Connections REST API |
Added request parameters to the Customer Connection Rest API. These optional parameters give you the same control over application connections using the API that you would have using the admin console. For more information, see PingOne SSO for SaaS Apps Customer Connection API |
OAuth Access Token |
Increased the allowed number of trusted origins for OAuth access token Cross-Origin Resource Sharing. The previous limit was 10. The current limit is 100. For more information, see Configuring your OAuth settings. |
January 2021
Feature | Description |
---|---|
Admin Console SSO |
Added the ability to configure your IdP connection to allow administrative users to SSO into the admin console. See Known issues and limitations below for important limitations to this feature. For more information, see Configure SSO to the admin portal |
PingOne Token Lifetime |
Reduced the lifetime of the PingOne user token from ten minutes to five minutes. For more information, see Process the PingOne SSO for SaaS Apps token exchange. |
Subject | Issue/Limitation |
---|---|
Single Logout |
PingOne’s single logout (SLO) implementation relies on the ability to send cookies within an iframe. Some browsers now block this ability by default, which causes problems with SLO. SLO does not function on browsers where third-party cookies are disabled. This issue impacts SLO on the following browsers:
IdP-initiated SLO does not terminate the admin portal session in browsers that enforce SameSite. We are working to accommodate this new behavior. |
November 2020
Feature | Description |
---|---|
Administrator Settings |
Added a feature that allows you to change the certificate expiration notification settings for Global and SaaS administrators. For more information, see Editing administrative roles, permissions, and notifications and Manage your user profile. |
October 2020
Feature | Description |
---|---|
Customer Connections |
Added a feature that allows you to filter the list of existing customer connections by status or type. For more information, see Edit an invited customer connection and Edit a managed customer connection. |
April 2020
Feature | Description |
---|---|
Certificate management |
We’ve added a new certificate management UI. The new UI enables you to:
See Certificate management for more information. |
September-November 2019
Feature | Description |
---|---|
Adding OIDC applications |
We’ve updated the selection and configuration of OIDC applications, streamlining this process based on the type of OIDC application connection you want to add. See Adding or updating an OIDC application for more information. |
OpenID Connect login_hint parameter |
We’ve added the ability for you to pass the |
June, 2019
Feature | Description |
---|---|
Customer connection email invitation |
You can now select the PingOne data center region for invited customers. See Creating an invited SSO connection for more information. |
April, 2019
Feature | Description |
---|---|
Cross-origin resource sharing (CORS) for OpenID Connect |
If you’re integrating OpenID Connect (OIDC) applications with PingOne, you can now configure one or more trusted origins to enable cross-origin resource sharing (CORS). See Configuring your OAuth settings for more information. |
January, 2019
Feature | Description |
---|---|
SSO reporting |
We’ve added new report types and predefined reports for SSO transactions. For more information, see .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Report types] and .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Report event information]. |
November, 2018
Feature | Description |
---|---|
Turkish language support |
We’ve updated the PingOne user interface to include support for Turkish. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[PingOne language support]. |
October, 2018
Feature | Description |
---|---|
Administrative auditing (reports and subscriptions) |
Administrative auditing is now available PingOne for Enterprise, PingID and PingOne SSO for SaaS Apps. You can utilize the administrative audit events through both the Reports and the Subscriptions facilities. |
PKCE support for OpenID Connect (OIDC) |
We’ve added support for Proof Key for Code Exchange (PKCE) to secure OIDC clients that cannot or choose not to use a client secret. We have therefore relaxed the requirement that a client secret must be specified when configuring an OIDC application with the authorization code flow. |
September, 2018
Feature | Description |
---|---|
PKCE support for OpenID Connect (OIDC) |
We’ve added support for Proof Key for Code Exchange (PKCE) to secure OIDC clients that cannot or choose not to use a client secret. We have therefore relaxed the requirement that a client secret must be specified when configuring an OIDC application with the authorization code flow. For more information, see .pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml//[Integrate an OIDC application, PKCE parameters] For more information, see .pingidentity.com/pingone/saasSsoAdminGuide/index.shtml//[Integrate an OIDC application, PKCE parameters]. |
July, 2018
Feature | Description |
---|---|
OpenID Connect applications |
PingOne for Enterprise and PingOne SSO for SaaS Apps now support the OpenID Connect (OIDC) protocol for application integration using code, implicit or hybrid flows. You can customize access tokens for your account or per application. Client authentication is done using client secrets. For PingOne for Enterprise, you can make PingOne OIDC applications available on the PingOne dock. The applications are also selectable in access and authentication policies. |
June, 2018
Feature | Description |
---|---|
Service provider SAML encryption |
We have added an option for you to configure encryption of the assertion in the outbound SAML response sent from PingOne for an application. You can assign the encryption algorithm to use. You can also upload your own certificate to use for encryption. NOTE: For enhanced security we will sign the SAML response rather than the assertion in the SAML response when encryption is enabled. See Add or update a SAML-enabled application for more information. |
Updated navigation design |
We have updated the design of the top-level navigation for the PingOne admin portal. There is no functional or behavioural impact. This is solely a style change. |
March, 2018
Ticket ID | Issue |
---|---|
SSD-6751 |
Fixed an issue where the |
December, 2017
Feature | Description |
---|---|
SAML signature signing algorithm |
We’ve added the ability for you to configure the signature signing algorithm for all assertion signing to PingOne. PingOne will continue to support the SHA-1 algorithm, but now allows you to select SHA-256, SHA-384 and SHA-512. New SAML connections default to SHA-256. See Adding or updating a SAML-enabled application for more information. |
November, 2017
Subject | Issue/Limitation |
---|---|
Multiplexing and manual connections |
When configuring a manual connection to an application, currently it is possible to select for multiplexing not to be used for non-SAML applications. Multiplexing is used for all non-SAML applications. |
October, 2017
Ticket ID | Issue |
---|---|
SSD-5879 |
Fixed an issue where the number of connections displayed on the My Applications page for applications was incorrect when an application was disabled. |
SSD-3780 |
Fixed an issue where no warning or confirmation prompt was displayed when saving an Attribute Policy that had no associated connection. |
. Known issues and limitations
Subject | Issue/Limitation |
---|---|
Multiplexing and manual connections |
When configuring a manual connection to an application, currently it is possible to select for multiplexing not to be used for non-SAML applications. Multiplexing is used for all non-SAML applications. |
June, 2017
Feature | Description |
---|---|
PingOne universal certificate |
A new PingOne universal certificate is now available. If you’re using multiplexing, or using manually configured customer connections, you’re using the PingOne universal certificate. In this case, it is imperative that you edit the application configuration to update the PingOne universal certificate. See Update the PingOne SSO for SaaS Apps universal certificate for instructions. |
PingOne encryption certificate |
When you’re adding a customer connection manually, we’ve added the option to separately download the PingOne encryption certificate. |
IdP discovery |
When you edit a customer connection, you need only specify the domain or domains used for customer email addresses and we will use this information to discover the IdP for the connection. We’ve added the option to set the current connection as the default IdP connection used for all of your applications. We’ve also updated the IdP Discovery popup window to display the application logo and your corporate logo (if you’ve configured this). |
Testing application integration |
For security reasons, we’ve disabled connections to the PingOne Test IdP by default. This connection is enabled only when you select to test your application. We also ensure that you can disable the connection when you’re done testing. |
April-May, 2017
Feature | Description |
---|---|
Corporate branding |
We’ve added an Account → Branding page for you to assign branding to be used for your organization’s account. |
February, 2017
Feature | Description |
---|---|
Salesforce provisioner |
We’ve updated the Salesforce provisioner with the following changes and enhancements:
|
Ticket ID | Issue |
---|---|
SSD-4316 |
Fixed an issue that was prompting a user to activate OAuth when creating a connection for which provisioning was not selected. |
IO-2027 |
We’ve improved the handling of different letter case logins and aliases for the Box provisioner. |
IO-2243 |
Fixed an issue with the Microsoft Office 365 provisioner that was causing an error when trying to retrieve a user during provisioning. |
IO-2242 |
Fixed an issue with the WebEx provisioner’s handling of the timezones not listed in WebEx’s timezone encoding list. |
January, 2017
Ticket ID | Issue |
---|---|
SSD-4040 |
Fixed an issue when filtering dashboard metrics, where filtering by "today" would return 0 results. Also fixed an issue with the mouse over popup on chart data that spanned a DST boundary where the time reported was offset by +1/-1 hour. |
SSD-4071 |
Fixed an issue that was preventing the propagation of SLO settings changed on an application in a PingOne for SaaS Apps account from being applied to all connections to that application. |