PingOne uses key rotation to automatically generate new cryptographic keys at a particular interval. The default rotation is 90 days, which exceeds industry best practices.
Administrators can review and fine-tune key rotation policies by using the PingOne API. For more information, see Key rotation policies in the PingOne Platform API Reference.
- OIDC Web apps
- Native apps
- Single-Page apps
- Custom apps created through the Management API. For more information, see Application operations in the PingOne API Reference.
Although any OIDC-based application can be configured to use the KRP, if the application is configured with scopes from the PingOne API and if the application includes PingOne API scopes in its authorization requests, PingOne uses the PingOne default key to sign the access tokens.