PingAccess 7.3.2 (October 2023) - PingAccess - 7.3


PingAccess 7.3

Configure Microsoft Azure AD as the token provider for administrative API OAuth


Added support for OAuth tokens created by Microsoft Azure AD for administrative API OAuth. This improves account security for administrators with Microsoft Azure AD configured as the token provider and enables administrators to use their own accounts to configure PingAccess via admin API calls. Relaxed the following PingAccess requirements:

  • If you're using either a common token provider or administrative token provider configuration, you can now use a local access token validator to bypass administrative API OAuth validation that checks whether the token provider supports the introspection endpoint. This is necessary because Microsoft Azure AD does not have an introspection endpoint.
  • The administrative API OAuth no longer enforces whether an administrative token contains a scope claim with a configurable value, because Microsoft Azure AD uses a scp claim instead.

Map SAML tokens as HTTP request headers


Added the ability to map the SAML token received from a SAML token mediator site authenticator to an HTTP request header that you specify instead of mapping the token as a request cookie. For more information, see the Logged In Header Name field.

Fixed object ID override for key pairs and certificates imported through the administrative API


Fixed an issue that caused PingAccess to replace object IDs defined on key pairs or certificates imported through the administrative API with an auto-generated object ID.

Additionally, the POST /keyPairs/import and POST /certificates API models have been updated to include more information on how to assign an ID for these object types.

Fixed exclusion of admin API OAuth configuration from bulk export


Fixed an issue that caused admin API OAuth settings to be excluded from bulk export operations if you configure admin API OAuth with an access token validator but haven't set client credentials.