February 2022
| Feature | Description |
|---|---|
|
Manual Connection IdPID |
Removed the ability to change the idpid value for an existing manual customer connection. The idpid value acts as the identifier for an IdP connection, and changing it can cause unexpected behavior. If you need to change the idpid value, you can create a new manual connection. For more information, see What is an idpId?. |
October 2021
| Feature | Description |
|---|---|
|
SSO/SLO |
Increased the max-age parameter of the
strict-transport-security header for
the The previous max-age was 1 year. The new max-age is 2 years. |
September 2021
| Feature | Description |
|---|---|
|
Custom Entity ID |
Added the ability to define a custom entity ID for applications that are enabled through PingOne. If a custom entity ID is in use by a non-multiplexed connection, it cannot be changed. For more information, see Add or update other applications. |
|
SSO Summary Report |
Added a new SSO User Count report type. The SSO User Count report counts the total number of unique users for a customer during the specified period. You can run the report either by customer name or IdP ID. For more information, see PingOne for Enterprise report types. |
| Ticket ID | Issue |
|---|---|
|
SSD-16877 |
Fixed an issue that reassigned the signing certificate to the default signing certificate when the signingCertFingerprint parameter was not specified when updating a customer connection. |
July 2021
| Feature | Description |
|---|---|
|
Customer Connection API |
Added a feature allowing you to delete customer connections and application connections using the customer connection API. For more information, see PingOne SSO for SaaS Apps Customer Connection API. |
|
Admin Portal Banner |
Added a feature allowing you to display a banner message in the administrative portal. For more information, see Assign branding and design. |
June 2021
| Feature | Description |
|---|---|
|
Read-Only Administrative Roles |
Added a feature allowing you to assign user groups to read-only versions of administrative roles. Read-only roles allow administrators to access the areas of the admin portal normally allowed by that role, but not to change settings. For more information, see Configure SSO to the admin portal. |
|
Verbose Reporting |
Added a feature allowing more detailed reports and subscriptions for partner accounts with OIDC identity providers. For more information, see Creating and administering a partner account. |
May 2021
| Feature | Description |
|---|---|
|
Account ID |
Added a feature allowing administrative users to look up their unique account ID. To find your account ID, go to . |
April 2021
| Feature | Description |
|---|---|
|
Invited Connection Contact Email |
Added a feature allowing administrators to change the contact email for invited accounts. For more information, see Edit an invited customer connection. |
March 2021
| Feature | Description |
|---|---|
|
Customer Connections REST API |
Added request parameters to the Customer Connection Rest API. These optional parameters give you the same control over application connections using the API that you would have using the admin console. For more information, see PingOne SSO for SaaS Apps Customer Connection API |
|
OAuth Access Token |
Increased the allowed number of trusted origins for OAuth access token Cross-Origin Resource Sharing. The previous limit was 10. The current limit is 100. For more information, see Configuring your OAuth settings. |
January 2021
| Feature | Description |
|---|---|
|
Admin Console SSO |
Added the ability to configure your IdP connection to allow administrative users to SSO into the admin console. See Known issues and limitations below for important limitations to this feature. For more information, see Configure SSO to the admin portal |
|
PingOne Token Lifetime |
Reduced the lifetime of the PingOne user token from ten minutes to five minutes. For more information, see Process the PingOne SSO for SaaS Apps token exchange. |
| Subject | Issue/Limitation |
|---|---|
|
Single Logout |
PingOne's single logout (SLO) implementation relies on the ability to send cookies within an iframe. Some browsers now block this ability by default, which causes problems with SLO. SLO does not function on browsers where third-party cookies are disabled. This issue impacts SLO on the following browsers:
IdP-initiated SLO does not terminate the admin portal session in browsers that enforce SameSite. We are working to accommodate this new behavior. |
November 2020
| Feature | Description |
|---|---|
|
Administrator Settings |
Added a feature that allows you to change the certificate expiration notification settings for Global and SaaS administrators. For more information, see Editing administrative roles, permissions, and notifications and Manage your user profile. |
October 2020
| Feature | Description |
|---|---|
| Customer Connections |
Added a feature that allows you to filter the list of existing customer connections by status or type. For more information, see Edit an invited customer connection and Edit a managed customer connection. |
April 2020
| Feature | Description |
|---|---|
| Certificate management | We've added a new certificate management UI. The new UI enables
you to:
|
September-November 2019
| Feature | Description |
|---|---|
| Adding OIDC applications | We've updated the selection and configuration of OIDC applications, streamlining this process based on the type of OIDC application connection you want to add. See Adding or updating an OIDC application for more information. |
| OpenID Connect login_hint parameter | We've added the ability for you to pass the idpid or email domain in the OpenID Connect (OIDC) login_hint parameter when adding an OIDC application. See the Default User Profile Attribute Contract settings in Adding or updating an OIDC application for more information. |
June, 2019
| Feature | Description |
|---|---|
| Customer connection email invitation | You can now select the PingOne data center region for invited customers. See Creating an invited SSO connection for more information. |
April, 2019
| Feature | Description |
|---|---|
| Cross-origin resource sharing (CORS) for OpenID Connect | If you're integrating OpenID Connect (OIDC) applications with PingOne, you can now configure one or more trusted origins to enable cross-origin resource sharing (CORS). See Configuring your OAuth settings for more information. |
January, 2019
| Feature | Description |
|---|---|
| SSO reporting | We've added new report types and predefined reports for SSO transactions. For more information, see Report types and Report event information. |
November, 2018
| Feature | Description |
|---|---|
| Turkish language support | We've updated the PingOne user interface to include support for Turkish. For more information, see PingOne language support. |
October, 2018
| Feature | Description |
|---|---|
| Administrative auditing (reports and subscriptions) | Administrative auditing is now available PingOne for Enterprise, PingID and PingOne SSO for SaaS Apps. You can utilize the administrative audit events through both the Reports and the Subscriptions facilities. For more information, see Report types For more information, see Managing reports and subscriptions . |
| PKCE support for OpenID Connect (OIDC) | We've added support for Proof Key for Code Exchange (PKCE) to secure OIDC clients that cannot or choose not to use a client secret. We have therefore relaxed the requirement that a client secret must be specified when configuring an OIDC application with the authorization code flow. For more information, see Integrate an OIDC application, PKCE parameters For more information, see Integrate an OIDC application, PKCE parameters . |
September, 2018
| Feature | Description |
|---|---|
| PKCE support for OpenID Connect (OIDC) | We've added support for Proof Key for Code Exchange (PKCE) to secure OIDC clients that cannot or choose not to use a client secret. We have therefore relaxed the requirement that a client secret must be specified when configuring an OIDC application with the authorization code flow. For more information, see Integrate an OIDC application, PKCE parameters For more information, see Integrate an OIDC application, PKCE parameters . |
July, 2018
| Feature | Description |
|---|---|
| OpenID Connect applications | PingOne for Enterprise and PingOne SSO for SaaS Apps now
support the OpenID Connect (OIDC) protocol for application
integration using code, implicit or hybrid flows. You can
customize access tokens for your account or per application.
Client authentication is done using client secrets. For PingOne for Enterprise, you can make PingOne OIDC applications available on the PingOne dock. The applications are also selectable in access and authentication policies. |
June, 2018
| Feature | Description |
|---|---|
| Service provider SAML encryption | We have added an option for you to configure encryption of
the assertion in the outbound SAML response sent from PingOne
for an application. You can assign the encryption algorithm to
use. You can also upload your own certificate to use for
encryption. Note: For enhanced security we will sign the SAML
response rather than the assertion in the SAML response when
encryption is enabled.
See Add or update a SAML-enabled application for more information. |
| Updated navigation design | We have updated the design of the top-level navigation for the PingOne admin portal. There is no functional or behavioural impact. This is solely a style change. |
March, 2018
| Ticket ID | Issue |
|---|---|
| SSD-6751 | Fixed an issue where the restAuthUsername value wasn't always set when the integration page was loaded. |
December, 2017
| Feature | Description |
|---|---|
| SAML signature signing algorithm | We've added the ability for you to configure the signature signing algorithm for all assertion signing to PingOne. PingOne will continue to support the SHA-1 algorithm, but now allows you to select SHA-256, SHA-384 and SHA-512. New SAML connections default to SHA-256. See Adding or updating a SAML-enabled application for more information. |
November, 2017
| Subject | Issue/Limitation |
|---|---|
| Multiplexing and manual connections | When configuring a manual connection to an application, currently it is possible to select for multiplexing not to be used for non-SAML applications. Multiplexing is used for all non-SAML applications. |
October, 2017
| Ticket ID | Issue |
|---|---|
| SSD-5879 | Fixed an issue where the number of connections displayed on the My Applications page for applications was incorrect when an application was disabled. |
| SSD-3780 | Fixed an issue where no warning or confirmation prompt was displayed when saving an Attribute Policy that had no associated connection. |
| Subject | Issue/Limitation |
|---|---|
| Multiplexing and manual connections | When configuring a manual connection to an application, currently it is possible to select for multiplexing not to be used for non-SAML applications. Multiplexing is used for all non-SAML applications. |
June, 2017
| Feature | Description |
|---|---|
| PingOne universal certificate | A new PingOne universal certificate is now available. If you're using multiplexing, or using manually configured customer connections, you're using the PingOne universal certificate. In this case, it is imperative that you edit the application configuration to update the PingOne universal certificate. See Update the PingOne SSO for SaaS Apps universal certificate for instructions. |
| PingOne encryption certificate | When you're adding a customer connection manually, we've added the option to separately download the PingOne encryption certificate. |
| IdP discovery | When you edit a customer connection, you need only specify
the domain or domains used for customer email addresses and we
will use this information to discover the IdP for the
connection. We've added the option to set the current connection
as the default IdP connection used for all of your applications.
We've also updated the IdP Discovery popup window to display the application logo and your corporate logo (if you've configured this). |
| Testing application integration | For security reasons, we've disabled connections to the PingOne Test IdP by default. This connection is enabled only when you select to test your application. We also ensure that you can disable the connection when you're done testing. |
April-May, 2017
| Feature | Description |
|---|---|
| Corporate branding | We've added an page for you to assign branding to be used for your organization's account. |
February, 2017
| Feature | Description |
|---|---|
| Salesforce provisioner | We've updated the Salesforce provisioner with the following
changes and enhancements:
|
| Ticket ID | Issue |
|---|---|
| SSD-4316 | Fixed an issue that was prompting a user to activate OAuth when creating a connection for which provisioning was not selected. |
| IO-2027 | We've improved the handling of different letter case logins and aliases for the Box provisioner. |
| IO-2243 | Fixed an issue with the Microsoft Office 365 provisioner that was causing an error when trying to retrieve a user during provisioning. |
| IO-2242 | Fixed an issue with the WebEx provisioner's handling of the timezones not listed in WebEx's timezone encoding list. |
January, 2017
| Ticket ID | Issue |
|---|---|
| SSD-4040 | Fixed an issue when filtering dashboard metrics, where filtering by "today" would return 0 results. Also fixed an issue with the mouse over popup on chart data that spanned a DST boundary where the time reported was offset by +1/-1 hour. |
| SSD-4071 | Fixed an issue that was preventing the propagation of SLO settings changed on an application in a PingOne for SaaS Apps account from being applied to all connections to that application. |