December 2022 - PingOne - PingOne Cloud Platform

With your API gateway integration, you can now use external providers, such as PingFederate, to manage access token validation. This allows you to use claims, from externally validated tokens passed in decision requests, in your custom policies. For more information, see API services.

We've added a new RADIUS gateway, that can be used to orchestrate user authentication flows by leveraging the PingOne DaVinci orchestration engine. The PingOne RADIUS gateway is a lightweight RADIUS Server that acts as a bridge between an on-premise VPN or Remote access system, and PingOne. For information, see RADIUS Gateways.

We've added a new PingOne RADIUS gateway connector. Use this connector to orchestrate user authentication flows that are initiated by authentication requests using the RADIUS protocol. For information, see PingOne RADIUS gateway connector.

The new PingID connector is available. This connector includes an increased set capabilities and is based on the PingOne API, and replaces the previous PingID connector (now called PingID Legacy Connector). For information, see PingID connector.

You can now unlock a user device directly from the admin console. For information, see Enabling or unlocking a user account or device.

In PingOne, you can now use advanced expressions for resource attribute mapping. Advanced expressions use the Ping Expression Language to identify user attributes. This feature gives you more flexibility and control when mapping attributes for your application resources. For more information, see Resources.

New unified login for PingOne is now available and requires a verified email. For more information, see End users: Verifying an email address and Verifying an email address for a user.

We’ve updated the user experience in the user management pages in PingOne. The new user interface is clean and modern, and allows administrators to manage user configuration with fewer clicks. For more information, see Users.

Admins can now require a user to verify their email address. Email verification ensures that a user received and can access email messages from PingOne. When you verify a user's email address, PingOne sends an email with a verification code. The user enters the code into PingOne to verify their email address. For the API, the authentication flow status includes a emailVerified flag. For more information, see Verifying an email address for a user.

PingOne now accepts Kerberos tokens in RequestSecurityToken (RST) requests from Microsoft 365 applications. This provides end-users with a seamless sign-on experience. For more information, see Enabling Kerberos authentication.

The LDAP Gateway now stores the ms-DS-ConsistencyGuid values in a Microsoft 365-consumable format. The LDAP Gateway also stores objectGUID values in PingOne in the same format.

For more information, see Adding Microsoft 365 to PingOne.

PingOne now allows you to configure a connection to Active Directory without connection security. The Active Directory connection security defaults to TLS, but you can configure the connection security as None.

You can use this feature for initial configuration or proof of concepts, but for production environments, we recommend using TLS security. Also, if you configure no security, you won’t be able to issue password change requests to Active Directory.

For more information, see Adding an LDAP gateway.