January 16
Support for multiple client secrets in OIDC applications and custom resources
Multiple client secret support applies only to OIDC-based applications and custom resources at this time. You can use the PingOne admin console or the PingOne API to generate a new client secret and define a retention period for the previous secret. For more information, see Rotating the client secret for an application and Rotating the client secret for a resource.
Use the policy request parameter with the PingOne Application Portal
PingOne Signals SDK 5.2.10 (web only)
Version 5.2.10 of the PingOne Signals SDK for web has been released.
This version contains performance improvements for initialization of the SDK.
January 11
Application permissions and roles
Managing permissions in your custom applications is now as easy as checking a box. Now you can:
- Define permissions for application features and APIs without changing your application code
- Centralize permissions enforcement through your API gateway
- Manage permissions assignment with roles
- Extend permissions with custom policies
For more information, see Application permissions.
January 8
PingID users can manage their devices from PingOne MyAccounts page
- Self Service: We’ve added the Manage PingID Devices via MyAccount option to enable PingID workforce users to manage their devices through the MyAccount app.
- MyAccount app reduced scopes: The Allow user actions according to granted authentication scopes check box provides a limited subset of scopes for users that have not yet authenticated. When this option is selected users are required to authenticate to get a more complete set of scopes that allow them to add or change a device. When the Manage PingID Devices via MyAccount option is selected in Self-Service, this option is automatically selected. For information, see Self service.
- Reordering the device list: We’ve added the ability to drag and drop devices to reorder them in the MyAccount device list.
January 7
User Devices report
You can now view and export reports that list the details of MFA devices, such as the username and user ID associated with the device, using a number of device-related filters. For example, you can generate a report listing all email devices or a report containing all of the devices whose phone number starts with a certain country code. Results can be exported in csv or json format.
For details, see User Devices report.
January 4
Composite predictors - user ID and user name
When composing a composite predictor, you can now include user name and user ID as criteria. You can use this feature to assign a different risk level for user names or user IDs that contain specific strings, for example, a specific domain name.
For details, see Adding composite predictors and the Risk Predictors section in the API documentation.