While Ping Identity provides many proprietary integrations for PingOne DaVinci, some connectors work with third-party services. You should review the security best practices documentation for those services.
Some general security best practices to consider when using third-party connectors in your DaVinci flow are:
- When passing any secrets, keys, or passwords as output variables through the HTTP connector,
mark them as
Secure
in the connector configuration. - The account with the third-party service or on-premise resource should follow the principle of least privilege and only be granted the permissions necessary to perform the actions required by the connector.
- Whenever using custom JavaScript, HTML, or CSS in a DaVinci connector, you should follow general secure coding guidelines to avoid the introduction of any security vulnerabilities, privacy violations, or other unintended behavior.