February 2024 - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle
pingone
ft:publication_title
PingOne Cloud Platform
Product_Version_ce
PingOne
PingOne Cloud Platform
category
Administratorguide
ContentType
Guide
Product
Productdocumentation
p1
p1cloudplatform
ContentType_ce
Product documentation
Guide
Guide > Administrator Guide

February 28

OAuth 2.0 device authorization grant support added

PingOne
New
We’ve added support for the device authorization grant type, which you can use to enable users to authorize access to a protected resource on a device with limited user input capabilities, such as a smart TV, using a browser on a second device, such as a smartphone or computer.

For more information, see Device authorization and Editing an application - Device authorization.

PingOne API - resend OTP for pairing device

PingOne MFA
New
To cover situations where a user did not receive the one-time passcode (OTP) that was sent for pairing a device, the PingOne API now provides a request for resending the OTP. For details, see Resend Pairing OTP in the API documentation.

Updated UI for sender configuration

PingOne MFA
Improved
The user interface for configuring senders for email and SMS/voice has been updated to be more streamlined and intuitive.

February 20

User verification field added to User Devices report

PingOne MFA
Improved
When you generate a User Devices report, the report now include a field called fidoUserVerification, which indicates whether user verification has been performed successfully with a FIDO device during registration or authentication. For more information on user verification, see Adding a FIDO policy.

PingOne MFA User Devices chart

PingOne MFA
New
We've added the User Devices chart to the PingOne MFA dashboards. The User Devices chart is comprised of the following two charts (in the drill-down view):
  • User Devices: view the number or percentage of devices used by the authentication method.
  • App Version: view mobile applications by version.
You can filter the results by primary or secondary device, and OS version (Android or iOS).

For more information, see User devices and app version charts.

February 14

Support for client secret JWT and private key JWT in OIDC applications and custom resources

PingOne
New
OIDC-based applications and custom resources in PingOne now support client secret JWT and private key JWT for token introspection endpoint authentication method. OIDC applications also now support asymmetric request object signing algorithms. You must provide either the JSON Web Key Set (JWKS) itself or the URL where PingOne can retrieve the JWKS to use private key JWT for authentication and for an OIDC application to send asymmetrically signed request objects.

For more information, see Token endpoint authentication methods, Editing an application, and Editing a resource.

February 12

New risk predictor - Adversary-in-the-Middle (AitM)

PingOne Protect
New

To further enhance its ability to prevent account takeover, PingOne Protect now has a dedicated risk predictor to handle Adversary-in-the-Middle attacks.

AitM is a variant of Man-in-the-Middle attacks in which a malicious actor uses a reverse proxy to position themselves between a user and an online service in order to obtain user credentials and session tokens. This type of attack circumvents the protection usually provided by OTP-based multi-factor authentication, and of late has become a common technique in phishing attempts.

For details, see Configuring predictors and Risk Predictors in the API documentation.

PingOne Protect dashboard - event details table

PingOne Protect
Improved
For the individual charts included in the PingOne Protect dashboard (other than Risk Heat Map) the event details table now includes all risk evaluation events, even those where all the risk predictors in the policy indicated low risk.

Risky IP chart - bot detection

PingOne Protect
Improved

The bot detection predictor is now taken into account when categorizing IPs as risky.

On the Risky IP chart, when you click View Details to see why an IP was categorized as high-risk, you may see bot detection given as a reason.

February 6

Outbound Group Provisioning

PingOne
New
PingOne now supports outbound group provisioning. Use PingOne provisioning to sync groups along with its memberships out of PingOne to a connected software as a service (SaaS) application. For more information, see Outbound group provisioning.

February 1

New LDAP Gateway service connection

PingOne Authorize
New
With the new Gateway service, you can retrieve user profile information stored in on-premise and external LDAP directories, such as PingDirectory or Microsoft Active Directory, for use in authorization policies. User data is cached for improved performance. For more information, see Authorization services.