PingOne Platform APIs

External Authentication

The external authentication API provides endpoints for performing end-user authentication with PingOne-supported external identity providers. End users are redirected immediately to the authentication initialization endpoint at the external authentication service. After users authenticate at the provider, they are redirected back to the external authentication service’s authentication callback endpoint, where the external authentication API validates the token or assertion returned from the external identity provider.

Workflows

External authentication data model

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| attributes | Object | N/A | Read-only | The mapped user attributes and their values from the external identity provider. |
| <attributename> | Object | N/A | Read-only | The name of the mapped user attribute from the external identity provider. |
| <attributename>.value | String | N/A | Read-only | The value for the mapped user attribute from the external identity provider. |
| <attributename>.update | String | N/A | Read-only | An enumeration that specifies the update behavior for this attribute based on identity provider configuration. Options are EMPTY_ONLY and ALWAYS. |
| externalId | String | N/A | Read-only | The identifier returned by the identity provider for the external user. |
| flow | Object | Required | Immutable | A reference to the PingOne flow associated with this external authentication. |
| flow.id | String | Required | Mutable | The flow UUID associated with this external authentication. |
| identityProvider | Object | Required | Immutable | A reference to the external identity provider that is used to authenticate the user. |
| identityProvider.id | String | Required | Mutable | The UUID of the external identity provider to which the user is redirected for sign-on. |
| status | String | N/A | Read-only | The status of the external authentication. Options are PROVIDER_RESPONSE_REQUIRED (awaiting callback from provider with authentication results), COMPLETED (external authentication request completed successfully), and FAILED (the identity provider returned an error). |
| error | Object | N/A | Read-only | When the status is FAILED, returns an error detail from the identity provider to the PingOne flow associated with this external authentication. |
| error.code | String | N/A | Read-only | The PingOne code for the error. |
| error.message | String | N/A | Read-only | The description of the error. |
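
An added example (not from the PingOne documentation) of how a client might consume a resource shaped like the data model above: it fails closed unless status is COMPLETED and merges mapped attributes according to each attribute's update value. The JSON sample, the local profile dict, the ExternalAuthError and apply_external_auth names, and the reading of EMPTY_ONLY as "set only when the local value is empty" and ALWAYS as "overwrite" are assumptions.

```python
import json

class ExternalAuthError(Exception):
    """Raised whenever the resource does not establish a completed sign-on."""

def apply_external_auth(resource, profile):
    """Return an updated copy of profile, or raise unless status is COMPLETED."""
    for ref in ("flow", "identityProvider"):  # both are Required in the data model
        if not isinstance(resource.get(ref), dict) or not resource[ref].get("id"):
            raise ExternalAuthError(f"missing required {ref}.id")
    status = resource.get("status")
    if status == "FAILED":
        err = resource.get("error") or {}
        raise ExternalAuthError(f"provider error {err.get('code')}: {err.get('message')}")
    if status != "COMPLETED":
        # PROVIDER_RESPONSE_REQUIRED or an unrecognized value: no identity yet.
        raise ExternalAuthError(f"authentication not complete (status={status})")
    if not resource.get("externalId"):
        raise ExternalAuthError("COMPLETED without externalId")
    updated = dict(profile)
    for name, attr in (resource.get("attributes") or {}).items():
        mode, value = attr.get("update"), attr.get("value")
        if mode == "ALWAYS":
            updated[name] = value
        elif mode == "EMPTY_ONLY":
            # Assumed semantics: provider value fills only an empty local value.
            if not updated.get(name):
                updated[name] = value
        else:  # never treat an unknown mode as permission to overwrite
            raise ExternalAuthError(f"unknown update mode for {name}: {mode}")
    return updated

# Constructed sample resource (placeholder IDs, not real PingOne values).
SAMPLE = json.loads("""
{
  "flow": {"id": "00000000-0000-0000-0000-000000000001"},
  "identityProvider": {"id": "00000000-0000-0000-0000-000000000002"},
  "status": "COMPLETED",
  "externalId": "ext-user-123",
  "attributes": {
    "email": {"value": "idp@example.com", "update": "EMPTY_ONLY"},
    "name": {"value": "Pat Example", "update": "ALWAYS"}
  }
}
""")

if __name__ == "__main__":
    print(apply_external_auth(SAMPLE, {"email": "local@example.com", "name": "Old"}))
```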

External authentication events generated

Refer to Audit Reporting Events for the events generated.

Response codes

| Code | Message |
| --- | --- |
| 302 | Found. |
| 400 | The request could not be completed. |
| 401 | You weren’t authenticated to perform this operation. |
| 403 | You do not have permissions or are not licensed to make this request. |