September 2023 - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

PingOne Cloud Platform
PingOne Cloud Platform
Guide > Administrator Guide
Product documentation

September 29

Amazon API Gateway integration

PingOne Authorize
Now you can extend Amazon API Gateway’s authorization capabilities with the Lambda authorizer integration kit. Integration allows you to centrally manage authorization requirements using an external policy evaluation service, simple rules, and fine-grained policies. For more information, see Integrating PingOne Authorize with Amazon API Gateway.

September 27

Change a user’s password in Active Directory


PingOne LDAP Gateway can change passwords for users stored in an on-premises Active Directory server if a user’s password expires or the configuration settings require the user to change their password the next time they sign on. For more information, see Adding a user type.

September 26

Just-in-time group provisioning


PingOne can now provision group membership from an external source, such as an external identity provider or LDAP Gateway. Use this feature to provision users to PingOne while maintaining their group membership. You can then manage users based on their group membership, as well as their access to applications. For more information, see Just-in-time provisioning of external groups.

September 21

LDAP Gateway Docker images are now hosted on Docker Hub

The PingOne LDAP Gateway Docker images have moved from the Google Cloud Artifact Registry to Docker Hub. If you are running the PingOne LDAP Gateway as a Docker container, ensure that you update your Docker commands, replacing the old image location with the new location at:
For example, the Docker run command for the latest version is:
docker run ... pingidentity/pingone-ldap-gateway:2.3.4

If you have implemented any automated solutions, you should update those to the new Docker Hub location as well. You can find all supported versions of the PingOne LDAP Gateway at

For backward compatibility, supported versions of LDAP Gateway docker image will remain in the Google Cloud Artifact Registry for a limited time.


The location of the RADIUS Gateway Docker image is not changing at this time.

For more information, see Gateways.

September 19

Composite predictors - if / else if

PingOne Protect
When creating composite predictors, it is now possible to create additional sets of conditions to form an if / else if structure. This allows you to assign different risk levels to different combinations of factors. For details, see Adding composite predictors and the Risk Predictors section in the API documentation.

September 18

New flow types for risk evaluations

PingOne Protect
When providing the flow type as input for a risk evaluation, you can now use other types in addition to AUTHENTICATION. The new flow types supported are: REGISTRATION, ACCESS, AUTHORIZATION, and TRANSACTION. These types can be specified when creating an evaluation with the PingOne API or as part of a DaVinci flow. When viewing risk events in the dashboard, you can filter the data by flow type. For details, see Protect dashboard filters and the Risk Evaluations section in the API documentation.

Enable MFA for users by default

PingOne MFA
In the MFA Settings for your environment, you can now specify whether MFA should be enabled by default for a user when their account is created. For details, see Configuring MFA settings and the MFA Settings section in the API documentation.

September 13

Anonymous Network predictors - WAF providers

PingOne Protect
A learning mechanism has been added to Anonymous Network predictors to reduce the likelihood of legitimate sign-on attempts being identified as coming from anonymous networks, for example, sign-on attempts that involve the WAF solutions used in your organization.

September 11

Support for Twilio voices

Pingone MFA
To align with Twilio’s voice support capabilities, we’ve removed support for the Alice voice. We’ve also enhanced voice support for Man and Woman voice selections.

YubiKey activation when using a PingID device registration subflow

As part of continued work to facilitate an enhanced multi-factor experience using PingOne and PingID, we have made some changes. Due to these changes, when pairing a YubiKey (OTP) using PingID out of PingOne with a PingID device registration subflow, the YubiKey’s status cannot be ACTIVATION_REQUIRED.

September 10

PingID device requirements enforcement in PingOne environments

The PingID device requirements defined in the PingID web portal are now enforced in PingOne, for organizations that have connected their PingID and PingOne environments.

September 6

Updated LDAP Gateway client application

We’ve updated the LDAP Gateway client application to version 2.3.4. The latest version has a lighter footprint, improves security, and reduces dependencies. In addition to Java 8 and 11, version 2.3.4 of the LDAP Gateway also supports Java 17.0.8 or later. For more information, see LDAP Gateways.

September 5

SAML apps and identity providers can now use EC signing algorithms

As an identity provider, PingOne can validate inbound EC-signed SAML 2.0 AuthnRequest and create outbound EC-signed assertions. When connecting to an external SAML identity provider, PingOne can create outbound EC-signed SAML 2.0 AuthnRequest and validate inbound EC-signed SAML responses. For more information, see Certificates and key pairs.