New features

Ticket ID Description


If you have user groups defined in your data store, administrators can add the groups to PingCentral so that application owners can associate them with PingCentral applications and provide application access to many users at once.

Resolved issues

Ticket ID Description


Previously, when modifying an environment, if an identity provider certificate was added or updated, and then the PingFederate admin password was updated, the cursor jumped down to the IDP Certificate Password field each time a key was pressed. This issue has been resolved.


If you update a SAML application with an invalid application name, you now receive a message that explains why your updates cannot be saved.


Previously, if you added an application to PingCentral from the Applications page, unmanaged applications occasionally displayed that you could not manage. This issue has been resolved.


Previously, if you filtered for PingAccess applications, added a PingAccess application by using the Add to PingCentral button, and returned to the Applications page, you might not have been able to view the details of other unmanaged PingAccess applications. This issue has been resolved.


Previously, if you added users through the API and the password and confirmpassword fields were unavailable, the users were created anyway. Now you will receive error messages if this information is missing, or if the information entered in these fields does not match.


Previously, when creating or updating OAuth applications through the API, you received server error messages if the Type attribute or the client JSON was null or missing, or if the redirectUris attribute contained an environment ID but the array of associated URIs was null or missing.

Now, if the Type attribute or client JSON is null or missing, you will receive an error message that more accurately describe the issue. And if the redirectUris attribute contains an environment ID but the associated URIs are null or missing, a null array is now added for that environment.

Known issues

Ticket ID Description


When single sign-on (SSO) is enabled, custom session settings are modifiable, but are not honored.


When SSO is enabled, administrators can add and update users in PingCentral through the User Management page, even though it has no effect.


If PostgreSQL is set up without a database, PingCentral fails to start. To prevent this from happening, add the database to the server before starting PingCentral.


If a certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit page and then access it again.


PingCentral promotes access token mappings and authentication policy contracts (APCs) with OIDC applications, but the APC mappings that link the APCs to the access token managers are not currently promoted with them. If the APC mappings do not already exist in the target PingFederate environments, applications do not function as expected.

When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established so the configurations are invalid.

To resolve these issues, configure the APC mappings within PingFederate.


When application owners use SSO to access PingCentral, administrators cannot assign applications to them prior to the application owners ever accessing PingCentral.

However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.


If you update SAML attributes while updating other application information, the attribute information is not saved. To prevent this from happening, update the attributes and save your changes. Then, you can update additional application information.


When using templates to add Web + API applications to PingCentral, you can drag rules between Web and API policies, which might cause the page to go blank. If this occurs, refresh the browser window.


Virtual resources are available in PingAccess 6.2 or higher, but are not yet available in PingCentral.


When an environment is deleted, applications that were promoted to that environment retain the promotion details from the deleted environment. PingCentral does not remove this information from applications when an environment is no longer available.


Customized authentication challenge responses, which support single-page applications, are also available in PingAccess 6.2 or later. Applications with this type of policy can be added to PingCentral, but cannot be promoted to another environment unless the authentication challenge policy, with the same UUID, also exists in the target environment.


When using PingCentral 1.7, you might occasionally receive a reflective access warning message. You can safely ignore this message.


When creating, updating, or validating an environment through the API, you receive a server error message if the environment Name or Password fields are null or missing. API requests cannot be processed without this information, so ensure that these fields contain valid values.


When creating or validating an environment through the API, you receive a misleading error message if the PingAccess Password field is null. Rather than informing you that the information in this field is invalid, it informs you that you are unable to connect to the PingFederate admin console, which is misleading. Requests to connect PingAccess to a PingCentral environment cannot be processed without this information, so ensure that this field contains a valid value.


If you attempt to add a SAML application to PingCentral from an existing application through the API, and the connection JSON contains identity attribute names and placeholders, you receive an error message advising you to nullify the Names field. However, even if you nullify this field you still receive an error message because the JSON contains placeholders. Remove these placeholders before you proceed.