October 2022 - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle
pingone
ft:publication_title
PingOne Cloud Platform
Product_Version_ce
PingOne
PingOne Cloud Platform
category
Administratorguide
ContentType
Guide
Product
Productdocumentation
p1
p1cloudplatform
ContentType_ce
Product documentation
Guide
Guide > Administrator Guide
Page created: 15 Nov 2022 |
Page updated: 14 Sep 2023

October 31

Scope-based access control for protected API operations

PingOne Authorize
New

With your API gateway integration, you can now define scope-based rules to control access to protected API operations. Scopes determine the resources that a client can access. For example, banking applications utilize scopes to control what data is shared with third party applications.

For more information, see Defining operations for protected actions.

October 28

Use JSON attribute mappings for resources

PingOne
New
You can now map complex JSON attributes as part of a PingOne resource. Use this feature to pass complex JSON data to applications through an access token. For more information, see Editing a resource.

LDAP Gateway license entitlements

PingOne
Improved

We've improved the way the PingOne LDAP Gateway enforces license entitlements. If you have enabled features that are no longer available because of license changes, PingOne will continue to process runtime transactions based on the previously configured settings.

The Gateways page in the PingOne admin console shows admins what they can and cannot do based on their license. For example, you cannot add a new LDAP Gateway if your license no longer includes the LDAP Gateway entitlement.

Manage data privacy and consent in the cloud

PingOne Authorize
New

Now you can add built-in statements to policies that filter and transform request and response data. This allows you to manage privacy and consent use cases, like consent evaluation before sharing customer data, with your API gateway integration.

For more information, see Adding statements to policies and rules.

October 26

Rolling grace period for refresh tokens

PingOne
New
PingOne now accepts a client’s previous token, if the client fails to get a new token during a refresh token roll. This is based on the per-application Refresh Token Rolling Grace Period setting. For more information, see Editing an application - OIDC.

Name format for attributes

PingOne
New
Administrators can now choose the name format for all attributes when configuring attribute mappings for SAML and WS-Fed applications. For more information, see Editing an application - SAML.

October 25

Workday write-back provisioning

PingOne
New
We've added support for write-back attributes in the Workday provisioning connector. You can use the Workday connector to write back attributes between PingOne and Workday. For more information, see Configuring write-back provisioning.

Token introspection

PingOne
New

Resources can now use the token introspection endpoint to get detailed information about access tokens, such as validity, as well as which user and which scopes are associated with the token. For more information, see Token introspection.

October 21

Wildcards in redirect URIs

PingOne
New

You can now use a wildcard when specifying the redirect URI for an application in PingOne. Rather than entering an exact URI, you can use a wildcard to include multiple paths using one entry. This option can help you lower administration costs by reducing the number of redirect URIs in your applications. For more information, see Redirect URIs.

October 19

PingOne Protect SDK

PingOne Risk
New

PingOne Protect now includes an SDK that allows you to obtain additional risk-related data and pass the data to the risk evaluation, resulting in improved detection.

Versions of the SDK are provided for iOS, Android, and web.

For details, see the Risk SDK documentation.

Control access to operations using basic or fine-grained authorization policies

PingOne Authorize
New

With your API gateway integration, you can configure group-based rules for centralized access control of API operations. Now, for more granularity, you can write custom authorization policies to control access based on user, access token, and request header attributes.

For more information, see Defining operations for protected actions.

October 18

ServiceNow provisioning

PingOne
New

PingOne now supports ServiceNow for outbound provisioning. You can synchronize PingOne identities to ServiceNow using the provisioning connector. For more information, see Provisioning.

October 4

Multiple resources can use the same scope value

PingOne
Improved

Different resources in the same environment can now use the same scopes. Previously, you could not add a scope to a resource if that scope was already assigned to a different resource. This feature makes it easier for admins to manage resource scopes because they don't have to ensure that they use unique scopes for each resource.

For more information, see Resource scopes.

October 2

New capabilities for PingOne Fraud

PingOne Fraud
Improved
PingOne Fraud has been improved with the following features to enable administrators to mitigate attacks faster and make smarter decisions related to fraud:
Improved BOT detection
PingOne Fraud's intelligent machine learning model has been improved and is now able to detect more bots.

The updated machine learning (ML) model is trained to use behavioral and biometrics attributes to detect a wider range of device interaction anomalies and more precisely than the previous ML model.

Improved cluster management
PingOne Fraud cluster management now enables you to:
  • Adjust the risk level of a cluster to fit your unique business requirements. You can now assign a risk level according to the threat associated with a cluster, and use the risk level to apply the mitigation method most appropriate for the cluster. For example, you might choose to define a cluster that detects emulators as high risk, and a cluster that detects rooted devices as medium risk.
  • Adjust cluster parameters according to your unique business requirements. For example, for a cluster that detects whether a device is being used by multiple users within a specific time period. You can define a specific time period, and adjust the number of shared users permitted within that time period.
New account takeover detection capabilities
PingOne Fraud can now detect account takeover attempts, such as credential stuffing and password spraying attacks that use automation tools such as bots and emulators.
Analytics improvements
PingOne Fraud analytics now provides greater visibility of fraud events. You can:
  • View Device Analytics And User Analytics to help you assess both device and user association with fraudulent events.
  • View Fraud Analytics to learn more about fraudulent trends detected in your application. Use this information to plan strategies to mitigate attacks faster, and make informed decisions to reduce fraudulent events.
Fraud Console UI improvements
PingOne Fraud PingFederate console Session Analysis window, Tags & Events tab is enhanced to provide additional indicators showing the following information:
  • The date and time that a risk level was recorded.
  • The date and time the risk level was last updated.
  • The date and time at which a FraudEvaluation API call was last made to retrieve the fraud risk level, and the risk level recorded in the response.