October 31
Scope-based access control for protected API operations
With your API gateway integration, you can now define scope-based rules to control access to protected API operations. Scopes determine the resources that a client can access. For example, banking applications use scopes to control what data is shared with third-party applications.
For more information, see Defining operations for protected actions.
October 28
Use JSON attribute mappings for resources
LDAP Gateway license entitlements
We've improved the way the PingOne LDAP Gateway enforces license entitlements. If you have enabled features that are no longer available because of license changes, PingOne will continue to process runtime transactions based on the previously configured settings.
The Gateways page in the PingOne admin console shows admins what they can and cannot do based on their license. For example, you cannot add a new LDAP Gateway if your license no longer includes the LDAP Gateway entitlement.
Manage data privacy and consent in the cloud
Now you can add built-in statements to policies that filter and transform request and response data. This allows you to manage privacy and consent use cases, like consent evaluation before sharing customer data, with your API gateway integration.
For more information, see Adding statements to policies and rules.
October 26
Rolling grace period for refresh tokens
Name format for attributes
October 25
Workday write-back provisioning
Token introspection
Resources can now use the token introspection endpoint to get detailed information about access tokens, such as validity, as well as which user and which scopes are associated with the token. For more information, see Token introspection.
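The following added example (not PingOne's own code) shows how a resource might turn an introspection result into an allow or deny decision for one operation. It assumes the endpoint returns an RFC 7662-style JSON object with `active`, `scope`, `sub`, and `exp` members; the scope names, subject, and sample responses are constructed for illustration.

```python
import time

# Constructed sample responses in RFC 7662 shape (not captured from a real tenant).
ACTIVE_RESPONSE = {
    "active": True,
    "sub": "user-1234",                          # hypothetical subject
    "scope": "accounts:read transactions:read",  # hypothetical scopes
    "exp": 1_900_000_000,
}
INACTIVE_RESPONSE = {"active": False}


def evaluate(response, required_scopes, now=None):
    """Return (True, subject) if the token permits the operation,
    otherwise (False, reason). Every ambiguous case is a denial."""
    now = time.time() if now is None else now

    # "active" must be the JSON boolean true; a string "true" or a
    # missing member is treated as an inactive token.
    if response.get("active") is not True:
        return False, "token is not active"

    # Defence in depth: re-check expiry locally if the server reports it.
    exp = response.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            return False, "token expired"

    # "scope" is a space-delimited string; compare whole scope names as a
    # set, never by substring ("accounts:read" must not match "accounts:readwrite").
    scope = response.get("scope", "")
    if not isinstance(scope, str):
        return False, "malformed scope"
    missing = set(required_scopes) - set(scope.split())
    if missing:
        return False, "missing scope(s): " + ", ".join(sorted(missing))

    # Assumption for this example: the operation acts on behalf of a user,
    # so a token without a subject is rejected.
    sub = response.get("sub")
    if not isinstance(sub, str) or not sub:
        return False, "no subject"
    return True, sub


if __name__ == "__main__":
    print(evaluate(ACTIVE_RESPONSE, {"accounts:read"}, now=1_700_000_000))
    print(evaluate(INACTIVE_RESPONSE, {"accounts:read"}, now=1_700_000_000))
```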
October 21
Wildcards in redirect URIs
You can now use a wildcard when specifying the redirect URI for an application in PingOne. Rather than entering an exact URI, you can use a wildcard to include multiple paths using one entry. This option can help you lower administration costs by reducing the number of redirect URIs in your applications. For more information, see Redirect URIs.
October 19
PingOne Protect SDK
PingOne Protect now includes an SDK that allows you to obtain additional risk-related data and pass the data to the risk evaluation, resulting in improved detection.
Versions of the SDK are provided for iOS, Android, and web.
For details, see the Risk SDK documentation.
Control access to operations using basic or fine-grained authorization policies
With your API gateway integration, you can configure group-based rules for centralized access control of API operations. Now, for more granularity, you can write custom authorization policies to control access based on user, access token, and request header attributes.
For more information, see Defining operations for protected actions.
October 18
ServiceNow provisioning
PingOne now supports ServiceNow for outbound provisioning. You can synchronize PingOne identities to ServiceNow using the provisioning connector. For more information, see Provisioning.
October 4
Multiple resources can use the same scope value
Different resources in the same environment can now use the same scopes. Previously, you could not add a scope to a resource if that scope was already assigned to a different resource. This feature makes it easier for admins to manage resource scopes because they don't have to ensure that they use unique scopes for each resource.
For more information, see Resource scopes.
October 2
New capabilities for PingOne Fraud
- Improved bot detection
- PingOne Fraud's intelligent machine learning model has been improved and is now able to detect more bots. The updated machine learning (ML) model is trained to use behavioral and biometrics attributes to detect a wider range of device interaction anomalies, and to detect them more precisely, than the previous ML model.
- Improved cluster management
- PingOne Fraud cluster management now enables you to:
- Adjust the risk level of a cluster to fit your unique business requirements. You can now assign a risk level according to the threat associated with a cluster, and use the risk level to apply the mitigation method most appropriate for the cluster. For example, you might choose to define a cluster that detects emulators as high risk, and a cluster that detects rooted devices as medium risk.
- Adjust cluster parameters according to your unique business requirements. For example, for a cluster that detects whether a device is being used by multiple users within a specific time period, you can define a specific time period and adjust the number of shared users permitted within that time period.
- New account takeover detection capabilities
- PingOne Fraud can now detect account takeover attempts, such as credential stuffing and password spraying attacks that use automation tools such as bots and emulators.
- Analytics improvements
- PingOne Fraud analytics now provides greater visibility of fraud events. You can:
- View Device Analytics and User Analytics to help you assess both device and user association with fraudulent events.
- View Fraud Analytics to learn more about fraudulent trends detected in your application. Use this information to plan strategies to mitigate attacks faster, and make informed decisions to reduce fraudulent events.
- Fraud Console UI improvements
- In the PingOne Fraud PingFederate console Session Analysis window, the Tags & Events tab is enhanced to provide additional indicators showing the following information:
- The date and time that a risk level was recorded.
- The date and time the risk level was last updated.
- The date and time at which a FraudEvaluation API call was last made to retrieve the fraud risk level, and the risk level recorded in the response.