January 2024 - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

PingOne Cloud Platform
PingOne Cloud Platform
Guide > Administrator Guide
Product documentation

January 16

Support for multiple client secrets in OIDC applications and custom resources

After you update a client secret in PingOne, you must ensure that any applications or resources that use the secret are updated. Previously, if there was lag time between when a new client secret was generated and when application or resource owners updated the application or resource to use the new secret, errors could occur because the old secret was invalidated immediately. Now you can choose to retain the previous client secret for up to 30 days, giving application or resource owners time to update the secret without end users experiencing errors in the meantime. Additionally, you can immediately revoke the previous client secret at any time during the retention period if it is no longer needed.

Multiple client secret support applies only to OIDC-based applications and custom resources at this time. You can use the PingOne admin console or the PingOne API to generate a new client secret and define a retention period for the previous secret. For more information, see Rotating the client secret for an application and Rotating the client secret for a resource.

Use the policy request parameter with the PingOne Application Portal

You can now use the optional policy request parameter to specify which policy to use for the Application Portal application. The authentication policy defines the sign-on requirements for accessing the Application Portal. For more information, see Applying authentication policies to the Application Portal.

PingOne Signals SDK 5.2.10 (web only)


Version 5.2.10 of the PingOne Signals SDK for web has been released.

This version contains performance improvements for initialization of the SDK.

January 11

Application permissions and roles

PingOne Authorize

Managing permissions in your custom applications is now as easy as checking a box. Now you can:

  • Define permissions for application features and APIs without changing your application code
  • Centralize permissions enforcement through your API gateway
  • Manage permissions assignment with roles
  • Extend permissions with custom policies

For more information, see Application permissions.

January 8

PingID users can manage their devices from PingOne MyAccounts page

PingOne MFA
We've added the following features to allow PingID users to manage their devices from the PingOne MyAccount page, rather than the PingID Devices page:
  • Self Service: We’ve added the Manage PingID Devices via MyAccount option to enable PingID workforce users to manage their devices through the MyAccount app.
  • MyAccount app reduced scopes: The Allow user actions according to granted authentication scopes check box provides a limited subset of scopes for users that have not yet authenticated. When this option is selected users are required to authenticate to get a more complete set of scopes that allow them to add or change a device. When the Manage PingID Devices via MyAccount option is selected in Self-Service, this option is automatically selected. For information, see Self service.
  • Reordering the device list: We’ve added the ability to drag and drop devices to reorder them in the MyAccount device list.

January 7

User Devices report

PingOne MFA

You can now view and export reports that list the details of MFA devices, such as the username and user ID associated with the device, using a number of device-related filters. For example, you can generate a report listing all email devices or a report containing all of the devices whose phone number starts with a certain country code. Results can be exported in csv or json format.

For details, see User Devices report.

January 4

Composite predictors - user ID and user name

PingOne Protect

When composing a composite predictor, you can now include user name and user ID as criteria. You can use this feature to assign a different risk level for user names or user IDs that contain specific strings, for example, a specific domain name.

For details, see Adding composite predictors and the Risk Predictors section in the API documentation.

January 3

CORS support added

We’ve added support for cross-origin resource sharing (CORS) to PingOne. CORS allows devices on one domain to access resources on another domain. Configure CORS settings to enable your OIDC or SAML application to access third-party resources, such as cross-origin images, scripts, and stylesheets. For more information, see Cross-origin resource sharing.