February 28
OAuth 2.0 device authorization grant support added
For more information, see Device authorization and Editing an application - Device authorization.
PingOne API - resend OTP for pairing device
Updated UI for sender configuration
February 20
User verification field added to User Devices report
PingOne MFA User Devices chart
- User Devices: view the number or percentage of devices used by the authentication method.
- App Version: view mobile applications by version.
For more information, see User devices and app version charts.
February 14
Support for client secret JWT and private key JWT in OIDC applications and custom resources
For more information, see Token endpoint authentication methods, Editing an application, and Editing a resource.
February 12
New risk predictor - Adversary-in-the-Middle (AitM)
To further enhance its ability to prevent account takeover, PingOne Protect now has a dedicated risk predictor to handle Adversary-in-the-Middle attacks.
AitM is a variant of Man-in-the-Middle attacks in which a malicious actor uses a reverse proxy to position themselves between a user and an online service in order to obtain user credentials and session tokens. This type of attack circumvents the protection usually provided by OTP-based multi-factor authentication, and of late has become a common technique in phishing attempts.
For details, see Configuring predictors and Risk Predictors in the API documentation.
PingOne Protect dashboard - event details table
Risky IP chart - bot detection
The bot detection predictor is now taken into account when categorizing IPs as risky.
On the Risky IP chart, when you click View Details to see why an IP was categorized as high-risk, you may see bot detection given as a reason.