July 2022 - PingOne - PingOne Cloud Platform

If you are using Microsoft Active Directory as your LDAP user store, you can now use Kerberos for authentication. PingOne will authenticate users against the Active Directory user store using the Kerberos authentication protocol. Microsoft Active Directory is the only directory that currently supports Kerberos for authentication. For more information, see Kerberos authentication.

PingOne now supports Slack for outbound provisioning. You can synchronize PingOne identities to Slack using the PingOne provisioning connector. For more information, see Provisioning.

PingOne now supports Zoom for outbound provisioning. You can synchronize PingOne identities to Zoom using the PingOne provisioning connector. For more information, see Provisioning.

• When defining a sign-on policy in PingOne, MFA steps are added now by referencing an existing MFA policy rather than having to define the specific authentication methods that are allowed.
• On the MFA Policies page, there is no longer an environment MFA policy and a separate list of API MFA policies. All MFA policies defined can be used both as part of a sign-on policy or in an application that uses the MFA API. Any of the defined policies can be specified to serve as the default MFA policy.
• Modifications have been made to the MFA API to reflect these changes. For details, see Sign-On Policy Actions in the API documentation.

Organizations using the Essentials license are no longer able to create new MFA policies or create new MFA actions in authentication (sign-on) policies. This applies both to the PingOne UI and the MFA API.

Authentication policies with existing MFA actions can still be used, as can existing MFA policies. However, new settings cannot be added to existing policies.

For organizations that prefer to maintain their own user device information, it is now possible to use the MFA API to initiate authentication while providing the information necessary for contacting the user. For details, see MFA Device Authentications in the API documentation.

Using flows designed with PingOne DaVinci or the PingOne MFA API, it is now possible to create passwordless authentication flows that require only FIDO2 authentication with no need for the user to provide their username (on devices that support FIDO2 authentication via security keys or biometrics). For more information, see MFA Device Authentications in the PingOne API documentation.

PingOne Fraud has been improved with the following features to enable administrators to mitigate attacks faster and make smarter decisions related to fraud:

Improved BOT detection

PingOne Fraud can now detect a wider range of bots, and faster than before.

Detection of a wider range of suspicious devices

PingOne Fraud is now able to detect a wider range of device frameworks and device attributes that are commonly associated with fraudulent usage intent. This data is visible in the PingOne Fraud console cluster analysis window, which enables admins to evaluate and analyze before activation and post-activation.

New account fraud detection capabilities added

PingOne Fraud can now detect fraudulent attacks that occur when setting up new accounts, such as bulk account creation, credit card testing, and coupon abuse.

Improved cluster management

PingOne Fraud cluster management now enables to track cluster’s performance over time, provide feedback in the form of labels to improve detection, and evaluate the precision of a cluster. You can leverage this toolset when evaluating a specific cluster, and deciding either to make it available for detection. You can then set the cluster execution state to either:

• Operational: The cluster detection logic is used for real-time risk based decisioning.
• Silent: The cluster detection logic is executed for evaluation purposes only.

Analytics improvements

PingOne Fraud analytics is improved, to provide greater visibility of fraud events. You can now view device analytics, and user analytics to help you assess both device and user association with fraudulent events. You can also view Fraud Analytics, to learn more about fraudulent trends detected in your application, and use this information to plan strategies to mitigate attacks faster and make informed decisions to reduce fraudulent events.

Fraud Console UI improvements

PingOne Fraud PingOne Fraud PingFederate console is enhanced to provide the following functionalities:

• The ability to view active sessions.
• An Updated UI that matches the look and feel of other PingOne products.
• Fraud dashboards features are now documented in the PingOne Cloud Platform documentation.