Associating your sign-on policy with your web app - PingOne Cloud Platform - PingOne

Depending on the sensitivity of information and processing capabilities of each application, an organization can determine that multi-factor authentication (MFA) requirements for some applications are more stringent than for others.

PingOne provides the capability to define multiple MFA sign-on policies. You can configure one application to use a particular sign-on policy and another application to use a different policy.

The authentication flow is configured at the application level through a sign-on policy. If you don't assign a sign-on policy to your web application, it uses the environment's default sign-on policy. You can create multiple sign-on policies and associate them with different OpenID Connect (OIDC) applications.

You can also associate multiple sign-on policies with a single application. Policies are applied in the order in which they appear in the list. PingOne evaluates the first policy in the list first. If the requirements of the policy are not met, PingOne moves to the next policy in the list.

Associating your sign-on policy with your web app (console)

  1. Go to Applications > Applications.
  2. Locate your web application and click it to open the details panel.
  3. Click the Policies tab.
  4. Click the Pencil icon to enter edit mode.
  5. In the PingOne Policies list, locate the policy you created in the previous step.

    For example, MFA-only.

  6. Select the check box for the appropriate policy.
  7. Click Save.

Associating your sign-on policy with your web app (API alternative)

Application developers can use the API operations to associate a sign-on policy with an application.

  • Use the access token generated through the worker app and the following POST operation to assign the new sign-on policy to an application:
    POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{appID}}/signOnPolicyAssignments

    See POST: Step 3: Assign the sign-on policy to an application.
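The sketch below is an added example, not code from the PingOne documentation. It prepares one POST to the endpoint above for each policy in an ordered list, so that list order becomes evaluation order. The request body fields (`priority`, `signOnPolicy.id`) are not shown on this page and are an assumption based on the PingOne Platform API's assignment model; the function names, IDs and token are constructed for illustration.

```python
import json
import uuid
import urllib.request

API_BASE = "https://api.pingone.com/v1"  # host as shown on this page

def _uuid(value, name):
    """Reject anything that is not a UUID before it is placed in the URL path."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{name} must be a UUID, got {value!r}")

def build_assignment_requests(env_id, app_id, policy_ids, access_token):
    """Return one POST request per policy; list order becomes evaluation order."""
    if not access_token:
        raise ValueError("access_token is required (worker app token)")
    if len(set(policy_ids)) != len(policy_ids):
        raise ValueError("duplicate policy ID in assignment list")
    url = (f"{API_BASE}/environments/{_uuid(env_id, 'env_id')}"
           f"/applications/{_uuid(app_id, 'app_id')}/signOnPolicyAssignments")
    requests = []
    for priority, policy_id in enumerate(policy_ids, start=1):
        # Assumed body shape: lower priority number is evaluated first.
        body = {"priority": priority,
                "signOnPolicy": {"id": _uuid(policy_id, "policy_id")}}
        requests.append(urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"Authorization": f"Bearer {access_token}",
                     "Content-Type": "application/json"}))
    return requests

def send(request):
    """Send one prepared request; raises urllib.error.HTTPError on 4xx/5xx."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Constructed sample IDs and token; this dry run sends nothing.
    reqs = build_assignment_requests(
        "11111111-1111-4111-8111-111111111111",
        "22222222-2222-4222-8222-222222222222",
        ["33333333-3333-4333-8333-333333333333",
         "44444444-4444-4444-8444-444444444444"],
        "CONSTRUCTED_TOKEN")
    for r in reqs:
        print(r.get_method(), r.full_url, r.data.decode())
```

Keep the worker app token out of source control and logs; read it from a secret store or environment variable at run time and pass each prepared request to `send()`.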