PingOne MFA Integration Kit 2.3 (January 2, 2024) - PingFederate - PingOne MFA - PingOne - PingOne Services - PingOne Cloud Platform

• To customize the language for notifications, you no longer have to provide pi.template as a JSON object to change the locale when defining the contract for the adapter. You can just specify the locale using pi.template.locale. See Transaction approval setup.
• If you have not specified a locale with pi.template or pi.template.locale, notifications will use the default browser's language. This requires that the relevant language be enabled in both PingOne and PingFederate.

Previously, the values provided in the pi.template object for notification customization were used only in authentication flows. Now, customization (including dynamic variables) is applied also to pairing flows, one-time device flows, and change device flows.

When authenticating, users who are authorized to manage their devices can now edit the nicknames used for their various authentication devices. This capability is also supported in the PingFederate authentication API (action is called updateDeviceNickname).

Previously, if you defined a custom proxy for an adapter, the host specified with Custom proxy host was not used for OAuth tokens (the token endpoint). These requests used the system default proxy instead, causing the request to fail. This issue has been fixed.

In the PingOne Audit log, events triggered by the MFA adapter now include IDs that can be used to locate events in the PingFederate log. The trackingid field from PingFederate is represented in the PingOne Audit log as sessionId. If you are using version 11.3 or higher of PingFederate, then the transactionid field from PingFederate is also included in the PingOne Audit entry, appearing there as transactionId.

By default, when pairing an email or SMS device, users can enter the email address or phone number. However, the adapter configuration now includes an option called Allow only predefined values for phone or email devices. This option allows you to limit the values to the email addresses and phone numbers stored for the user. If you enable this option, the relevant email address or phone number is already filled in when the user tries to add a device, and the user cannot modify the address/phone number.