id
|
String |
Required |
Immutable |
The resource’s unique identifier. |
name
|
String |
Required |
Mutable |
A name unique to the environment to assign to the experience. |
description
|
String |
Optional |
Mutable |
A description of the experience. |
flowType
|
String |
Optional |
Mutable |
Accepted values are: USERNAME_AND_PASSWORD, IDENTIFIER_FIRST, IDENTITY_PROVIDER_FIRST. |
firstFactor
|
Object |
Required |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Contains the authentication configuration. |
firstFactor.passwordless
|
Object |
Optional |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Contains the configuration for Passwordless authentication. |
firstFactor.passwordless.enabled
|
Boolean |
Required |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Enables or disables Passwordless authentication. Defaults to false. |
firstFactor.passwordless.usernameFirst
|
Boolean |
Required/Optional |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passwordless.enabled is true. Enables or disables Passkey, SMS, or One-Time Password (OTP)-based passwordless flow. Defaults to false. |
firstFactor.passwordless.passkeyPolicies
|
Array |
Required |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Currently, only a single FIDO2 policy can be specified. An array is used to enable multi-policy selection in the future. |
firstFactor.passwordless.passkeyPolicies.id
|
String |
Required/Optional |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passwordless.passkeyPolicies is specified. A Fido2 policy ID. |
firstFactor.passwordless.passkeyPolicies.type
|
String |
Required/Optional |
Immutable |
Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passwordless.passkeyPolicies is specified. This value must be STANDARD_MFA. |
firstFactor.passkeyOrBioMetric
|
Object |
Required |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Contains the configuration for Passkey or Biometric authentication. |
firstFactor.passkeyOrBioMetric.enabled
|
Boolean |
Required |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Enables or disables Passkey or Biometric authentication. Defaults to false. |
firstFactor.passkeyOrBioMetric.passkeyPolicies
|
Array |
Required |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Currently, only a single FIDO2 policy can be specified. An array is used to enable multi-policy selection in the future. |
firstFactor.passkeyOrBioMetric.passkeyPolicies.id
|
String |
Required/Optional |
Mutable |
Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passkeyOrBioMetric.passkeyPolicies is specified. A Fido2 policy ID. |
firstFactor.passkeyOrBioMetric.passkeyPolicies.type
|
String |
Required/Optional |
Immutable |
Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passkeyOrBioMetric.passkeyPolicies is specified. This value must be STANDARD_MFA. |
firstFactor.identityProviders
|
Object |
Required |
Mutable |
Contains the configuration for identity providers. |
firstFactor.identityProviders.enabled
|
Boolean |
Required |
Mutable |
Enables or disables Passkey or Biometric authentication. Defaults to false. |
firstFactor.identityProviders.socialProviders
|
Array |
Required |
Mutable |
Required when firstFactor.identityProviders.enabled is true. An array of social providers used as IdPs. See Identity Providers. |
firstFactor.identityProviders.socialProviders.id
|
String |
Required/Optional |
Mutable |
Required when firstFactor.identityProviders.socialProviders is specified. An identify provider ID for a social provider. |
firstFactor.identityProviders.socialProviders.name
|
String |
Required/Optional |
Mutable |
Required when firstFactor.identityProviders.socialProviders is specified. A name of a social provider used as an IdP. |
firstFactor.identityProviders.socialProviders.type
|
String |
Required/Optional |
Immutable |
Required when firstFactor.identityProviders.socialProviders is specified. The type of IdP. See Identity Provider Management. |
firstFactor.rememberMe
|
Boolean |
Optional |
Mutable |
Set this to true to remember the specified social providers. Defaults to false. |
firstFactor.sessionTimeOut
|
Object |
Optional |
Immutable |
Contains the time unit and value configuration for session timeout. |
firstFactor.sessionTimeOut.unit
|
String |
Required/Optional |
Mutable |
Required when firstFactor.sessionTimeOut is specified. The unit of time to use for session timeout. This can be one of the following: MM (minutes),HH (hours), DD (days), WW (weeks). |
firstFactor.sessionTimeOut.value
|
String |
Required/Optional |
Mutable |
Required when firstFactor.sessionTimeOut.unit is specified. The corresponding length of time value for the session timeout. |
mfa
|
Object |
Required |
Mutable |
Contains the configuration for multi-factor authentication. |
mfa.enabled
|
Boolean |
Required |
Mutable |
Enables or disables multi-factor authentication. Defaults to false. |
mfa.enabled.accessPolicies
|
Array |
Required |
Mutable |
Required when mfa.enabled is true. Currently, only a single Risk Policy or Device Authentication Policy identifier can be specified. An array is used to enable multi-policy selection in the future. |
mfa.enabled.id
|
String |
Required/Optional |
Mutable |
Required when mfa.enabled is true. This can be either a Risk Policy ID or a Device Authentication Policy ID. |
mfa.enabled.type
|
String |
Required/Optional |
Immutable |
Required when mfa.enabled is true. If mfa.enabled.id is a Risk Policy ID, this must be RISK_MFA. If mfa.enabled.id is a Device Authentication Policy ID, this must be STANDARD_MFA. |
mfa.sessionTimeOut
|
Object |
Optional |
Immutable |
Contains the time unit and value configuration for session timeout. |
mfa.sessionTimeOut.unit
|
String |
Required/Optional |
Mutable |
Required when mfa.sessionTimeOut is specified. The unit of time to use for session timeout. This can be one of the following: MM (minutes),HH (hours), DD (days), WW (weeks). |
mfa.sessionTimeOut.value
|
String |
Required/Optional |
Mutable |
Required when mfa.sessionTimeOut.unit is specified. The corresponding length of time value for the session timeout. |
mfa.enrollment
|
Object |
Required |
Mutable |
Contains the configuration for multi-factor authentication enrollment. |
mfa.enrollment.enabled
|
Boolean |
Required |
Mutable |
Enables or disables multi-factor authentication enrollment. Defaults to false. |
mfa.enrollment.required
|
Boolean |
Required |
Mutable |
Required when mfa.enabled is true. Enables or disables requirement for multi-factor authentication enrollment. Defaults to false. |
mfa.enabled.accessPolicies
|
Object[] |
Required |
Mutable |
Required when mfa.enabled is true. Currently, only a single Device Authentication Policy identifier object can be specified. An array is used to enable multi-policy selection in the future. |
mfa.enabled.accessPolicies.id
|
String |
Required/Optional |
Mutable |
Required when mfa.enabled is true. A Device Authentication Policy ID. |
mfa.enabled.accessPolicies.type
|
String |
Required/Optional |
Immutable |
Required when mfa.enabled is true. This must be STANDARD_MFA. |
accountRecovery
|
Object |
Required |
Mutable |
Contains the configuration for account recovery. |
accountRecovery.enabled
|
Boolean |
Required |
Mutable |
Enables or disables multi-factor authentication enrollment. Defaults to false. |
accountRecovery.enabled.accessPolicies
|
Object[] |
Required |
Mutable |
Required when accountRecovery.enabled is true. Currently, only a single Risk Policy identifier object can be specified. An array is used to enable multi-policy selection in the future. |
accountRecovery.enabled.accessPolicies.id
|
String |
Required/Optional |
Mutable |
Required when accountRecovery.enabled is true. A Risk Policy ID. |
accountRecovery.enabled.accessPolicies.type
|
String |
Required/Optional |
Immutable |
Required when accountRecovery.enabled is true. This must be RISK_MFA. |
registration
|
Object |
Required |
Mutable |
Contains the configuration for account recovery. |
registration.enabled
|
Boolean |
Required |
Mutable |
Enables or disables multi-factor authentication enrollment. Defaults to false. |
registration.enrollment
|
Object |
Required |
Mutable |
Contains the configuration for multi-factor authentication enrollment. |
registration.enrollment.enabled
|
Boolean |
Required |
Mutable |
Enables or disables registration enrollment. Defaults to false. |
registration.enrollment.required
|
Boolean |
Required |
Mutable |
Required when registration.enrollment.enabled is true. Enables or disables requirement for registration enrollment. Defaults to false. |
registration.enrollment.policies
|
Object[] |
Required |
Mutable |
Required when registration.enrollment.enabled is true. Currently, only a single Device Authentication Policy identifier object can be specified. An array is used to enable multi-policy selection in the future. |
registration.enrollment.policies.id
|
String |
Required/Optional |
Mutable |
Required when registration.enrollment.enabled is true. A Device Authentication Policy ID. |
registration.enrollment.policies.type
|
String |
Required/Optional |
Immutable |
Required when registration.enrollment.enabled is true. This must be STANDARD_MFA. |
registration.population
|
Object |
Required/Optional |
Mutable |
Required when registration.enabled is true. Configures the population for registration. |
registration.population.id
|
String |
Required/Optional |
Mutable |
Required when registration.enabled is true. A population ID. |
registration.botDetection
|
Object |
Required |
Mutable |
Contains the configuration for bot detection. |
registration.botDetection.enabled
|
Boolean |
Required |
Mutable |
Enables or disables bot detection. Defaults to false. |
registration.botDetection.enabled.accessPolicies
|
Object[] |
Required |
Mutable |
Required when registration.enabled is true. Currently, only a single Risk Policy identifier object can be specified. An array is used to enable multi-policy selection in the future. |
registration.botDetection.enabled.accessPolicies.id
|
String |
Required/Optional |
Mutable |
Required when registration.botDetection.enabled is true. A Risk Policy ID. |
registration.botDetection.enabled.accessPolicies.type
|
String |
Required/Optional |
Immutable |
Required when registration.botDetection.enabled is true. This must be RISK_MFA. |
registration.attributeList
|
Object[] |
Required |
Mutable |
Contains the attributes required for registration. |
registration.attributeList.name
|
String |
Optional |
Mutable |
The name of a PingOne Standard attribute. |
registration.attributeList.required
|
Boolean |
Required |
Mutable |
Indicates whether the name attribute specified is required. |
registration.requireAccountVerification
|
Boolean |
Required |
Mutable |
Indicates whether 0account verification is required. |
registration.termsOfService
|
Object |
Required |
Mutable |
Contains the Terms of Service Agreement configuration. |
registration.termsOfService.enabled
|
Boolean |
Required |
Mutable |
Enables or disables the Terms of Service Agreement configuration. |
registration.termsOfService.agreementPolicy
|
Object |
Required |
Mutable |
Required when registration.termsOfService.enabled is true. Contains the Agreement Policy configuration. |
registration.termsOfService.agreementPolicy.id
|
String |
Required/Optional |
Mutable |
Required when registration.termsOfService.enabled is true. An Agreement Policy ID. |
registration.theme
|
Object |
Required |
Mutable |
Contains the Theme configuration. |
registration.theme.id
|
String |
Required |
Mutable |
A Theme ID. |