August 2023 - PingOne - PingOne Cloud Platform

A number of adjustments have been made to enhance the accuracy of risk detection for user location anomalies. To help you get a better picture of the risk involved, user location anomalies now yield a risk level of Medium or High, depending on the extent of the deviation from the defined radius.

We've updated the Agreements page. You can now see the enabled languages and content for each agreement at a glance. You also have quick access to creating or editing agreements. For more information, see Agreements.

PingOne now supports inbound user provisioning through an LDAP gateway. You can provision users to PingOne from an external PingDirectory or Microsoft Active Directory user store. For more information, see Creating an LDAP gateway provisioning connection.

To improve data security and align with industry standards, we’re reducing the retention period for PingOne audit data from two years to 45 days on September 1, 2023. Data older than 45 days will be removed at this time. To retain your existing PingOne data, use the PingOne/activities API to download the data within the 45-day time frame.

To retain PingOne data for longer than 45 days going forward, set up webhooks before September 1 to stream the data to your own repository and configure your own retention policy. For more information, see Webhooks.

For more information about auditing in PingOne, see Audit.

For more information about the data retention changes, contact Support.

We’ve released LDAP Gateway client version 2.3.3. In this version, you’ll find enhancements to verbose logging, improved certificate handling, and stability improvements. The standalone LDAP Gateway client version 2.3.3 requires Java 8u301 (or later) or Java 11.0.12 (or later). For more information, see Gateways.

PingOne can offer additional security by invalidating access tokens and refresh tokens when a refresh token is reused. Refresh token rotation, as defined in the OAuth 2.0 specification, ensures that refresh tokens are used only once. For more information, see Refresh token rotation.

PingOne now considers the RequestedAuthnContext setting when evaluating policy decisions for SAML applications. The RequestedAuthnContext setting determines the authentication method that PingOne will use for a given user. For more information, see RequestedAuthnContext.

PingOne now supports pushed authorization requests (PAR) to securely initiate authorization flows. Applications can use a PAR to send their authorization requests directly to PingOne, without going through the browser, which safeguards sensitive data from end-user devices. For more information, see Pushed authorization requests.

The Risk Policies page now includes a Risk Policy Assistant that you can use to generate risk policies that match your environment's needs. On the basis of your responses to a number of basic questions, the assistant creates one or more initial policies, assigning different scores to the various predictors to maximize the accuracy of your risk evaluations.

To make applications easier to manage, PingOne now includes additional application details on the Overview tab. You can use the Overview tab to quickly locate and copy important information about an application, such as its Environment ID, client secret (OIDC), or single sign-on URL (SAML). Use this information to integrate PingOne applications with external identity providers or other applications. For more information, see Viewing application details.