October 2022 - PingOne - PingOne Cloud Platform

With your API gateway integration, you can now define scope-based rules to control access to protected API operations. Scopes determine the resources that a client can access. For example, banking applications utilize scopes to control what data is shared with third party applications.

For more information, see Defining operations for protected actions.

We've improved the way the PingOne LDAP Gateway enforces license entitlements. If you have enabled features that are no longer available because of license changes, PingOne will continue to process runtime transactions based on the previously configured settings.

The Gateways page in the PingOne admin console shows admins what they can and cannot do based on their license. For example, you cannot add a new LDAP Gateway if your license no longer includes the LDAP Gateway entitlement.

Now you can add built-in statements to policies that filter and transform request and response data. This allows you to manage privacy and consent use cases, like consent evaluation before sharing customer data, with your API gateway integration.

For more information, see Adding statements to policies and rules.

You can now use a wildcard when specifying the redirect URI for an application in PingOne. Rather than entering an exact URI, you can use a wildcard to include multiple paths using one entry. This option can help you lower administration costs by reducing the number of redirect URIs in your applications. For more information, see Redirect URIs.

PingOne Protect now includes an SDK that allows you to obtain additional risk-related data and pass the data to the risk evaluation, resulting in improved detection.

Versions of the SDK are provided for iOS, Android, and web.

For details, see the Risk SDK documentation.

With your API gateway integration, you can configure group-based rules for centralized access control of API operations. Now, for more granularity, you can write custom authorization policies to control access based on user, access token, and request header attributes.

For more information, see Defining operations for protected actions.

PingOne now supports ServiceNow for outbound provisioning. You can synchronize PingOne identities to ServiceNow using the provisioning connector. For more information, see Provisioning.

Different resources in the same environment can now use the same scopes. Previously, you could not add a scope to a resource if that scope was already assigned to a different resource. This feature makes it easier for admins to manage resource scopes because they don't have to ensure that they use unique scopes for each resource.

For more information, see Resource scopes.

Improved BOT detection

PingOne Fraud's intelligent machine learning model has been improved and is now able to detect more bots.

The updated machine learning (ML) model is trained to use behavioral and biometrics attributes to detect a wider range of device interaction anomalies and more precisely than the previous ML model.

Improved cluster management

PingOne Fraud cluster management now enables you to:

• Adjust the risk level of a cluster to fit your unique business requirements. You can now assign a risk level according to the threat associated with a cluster, and use the risk level to apply the mitigation method most appropriate for the cluster. For example, you might choose to define a cluster that detects emulators as high risk, and a cluster that detects rooted devices as medium risk.
• Adjust cluster parameters according to your unique business requirements. For example, for a cluster that detects whether a device is being used by multiple users within a specific time period. You can define a specific time period, and adjust the number of shared users permitted within that time period.

New account takeover detection capabilities

PingOne Fraud can now detect account takeover attempts, such as credential stuffing and password spraying attacks that use automation tools such as bots and emulators.

Analytics improvements

PingOne Fraud analytics now provides greater visibility of fraud events. You can:

• View Device Analytics And User Analytics to help you assess both device and user association with fraudulent events.
• View Fraud Analytics to learn more about fraudulent trends detected in your application. Use this information to plan strategies to mitigate attacks faster, and make informed decisions to reduce fraudulent events.

Fraud Console UI improvements

PingOne Fraud PingFederate console Session Analysis window, Tags & Events tab is enhanced to provide additional indicators showing the following information:

• The date and time that a risk level was recorded.
• The date and time the risk level was last updated.
• The date and time at which a FraudEvaluation API call was last made to retrieve the fraud risk level, and the risk level recorded in the response.