DaVinci and protocols
DaVinci flows integrate with protocols such as OIDC, SAML, and RADIUS through protocol-specific connectors that orchestrate identity processes. Depending on the connector, DaVinci acts as an OIDC provider, as a SAML identity provider for applications, or as a SAML service provider toward an external identity provider. For legacy network infrastructure that speaks RADIUS rather than a web protocol, it can leverage existing PingOne authentication services to provide modern flow orchestration actions.
DaVinci and OpenID Connect (OIDC)
Using PingOne DaVinci flows with the OpenID Connect (OIDC) protocol implements orchestration as a standardized identity layer that works with any platform or application that supports OIDC. The benefits include:
- Interoperability: Because OIDC is an industry standard, you can integrate DaVinci flows with a wide range of third-party identity providers and relying parties without writing custom connector code.
- Decoupled frontend and backend: Your application only needs to support standard OIDC redirects or token exchanges; the authentication logic behind the many possible sign-on actions lives in the DaVinci flow.
- Automatic updates: You can change the authentication and registration logic in the DaVinci flow without redeploying your application, because the application only consumes the standard OIDC result.
- Security: OIDC conveys identity information in short-lived, signed JSON Web Tokens (JWTs), so the application never handles or stores the user's raw credentials. The application must still validate every token it receives (signature, issuer, audience, expiry, and the nonce it sent) before trusting the claims.
- Session management: OIDC flows create and manage user sessions across multiple applications to provide single sign-on (SSO).
- Access to API scopes: The OAuth 2.0 access token issued alongside the ID token carries the permissions (scopes) the application needs to call protected backend APIs.
DaVinci and Security Assertion Markup Language (SAML)
Using PingOne DaVinci flows with the SAML protocol lets a flow be initiated from a SAML application, with DaVinci acting as a service provider (SP) that connects to an external identity provider (IdP). DaVinci with SAML extends modern flow orchestration actions to enterprise applications and systems that don't support OIDC. The benefits include:
- Compatibility: For enterprise SSO, DaVinci gives you the tools to inject complex orchestration (such as risk-based MFA or identity proofing) into the login path of SAML applications.
- Easy modernization: With DaVinci acting as a SAML IdP, you can replace an old authentication system with a flexible DaVinci flow without touching the code of the target application. The application consumes a standard SAML response and is unaware of the flow DaVinci executed to produce it.
- Integration with enterprise IdPs: DaVinci's SAML IdP connector lets DaVinci act as a service provider (SP) toward an existing enterprise IdP, so the flow can require additional verification after the IdP authenticates the user and before access is granted.
- Attribute mapping and transformation: DaVinci can receive a SAML response, use its logic nodes to transform or augment the user attributes, and then issue a clean assertion to the final application. The incoming response should be validated (signature, audience, validity window, and the request it answers) before any of its attributes are used.
DaVinci and RADIUS
Using PingOne DaVinci flows with the RADIUS protocol brings modern identity orchestration to legacy network infrastructure that does not natively support modern web protocols such as OIDC or SAML. The benefits include:
- Modernized flows: You can add multi-factor authentication (MFA) to on-premises VPNs or network devices that otherwise support only simple username and password authentication.
- Support for complex orchestration: By routing RADIUS requests through DaVinci, you can apply complex logic (such as real-time risk evaluation) before granting access.
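What sits between the VPN and the orchestration step, as an added example that is not Ping Identity's code: a toy RADIUS gateway that parses an Access-Request, recovers the PAP User-Password exactly as RFC 2865 section 5.2 specifies, checks it against a constructed user store, and only answers Access-Accept when a stand-in policy function (the place a DaVinci flow's risk or MFA step would run) also agrees. The shared secret, user store, and the orchestration_decision() rule are all constructed for the demo.

```python
"""Toy RADIUS gateway: NAS -> gateway (credential + policy) -> Access-Accept/Reject.
Added example, not Ping Identity code. SECRET, USERS and orchestration_decision()
are constructed stand-ins; Message-Authenticator (RFC 2869) is omitted."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, REPLY_MESSAGE = 1, 2, 4, 18
SECRET = b"demo-radius-secret"                      # assumed shared secret
USERS = {"alice": b"correct horse battery staple"}  # constructed user store


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def build_request(ident: int, authenticator: bytes, attrs) -> bytes:
    body = encode_attrs(attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body


def parse_packet(data: bytes):
    if len(data) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return code, ident, data[4:20], attrs


def build_response(code: int, ident: int, request_auth: bytes, attrs, secret: bytes) -> bytes:
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body


def verify_response(data: bytes, request_auth: bytes, secret: bytes) -> bool:
    code, ident, _auth, attrs = parse_packet(data)
    return hmac.compare_digest(build_response(code, ident, request_auth, attrs, secret), data)


def orchestration_decision(username: str, nas_ip: str) -> bool:
    """Stand-in for the flow step (risk check, MFA). Constructed rule: deny the
    10.9.0.0/16 guest range."""
    return not nas_ip.startswith("10.9.")


def handle_access_request(data: bytes, secret: bytes = SECRET) -> bytes:
    code, ident, req_auth, attrs = parse_packet(data)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields = dict(attrs)
    user = fields.get(USER_NAME, b"").decode(errors="replace")
    password = reveal_password(fields.get(USER_PASSWORD, b""), secret, req_auth)
    nas_ip = ".".join(str(b) for b in fields.get(NAS_IP_ADDRESS, b"\x00" * 4))
    ok = hmac.compare_digest(USERS.get(user, b"\x00"), password) and \
        orchestration_decision(user, nas_ip)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth,
                          [(REPLY_MESSAGE, b"Welcome" if ok else b"Access denied")], secret)


def demo(username="alice", password=b"correct horse battery staple", nas_ip="10.1.2.3"):
    """Play the NAS: send one Access-Request, return (response code, Reply-Message)."""
    auth = os.urandom(16)
    request = build_request(7, auth, [
        (USER_NAME, username.encode()),
        (USER_PASSWORD, hide_password(password, SECRET, auth)),
        (NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ])
    response = handle_access_request(request)
    if not verify_response(response, auth, SECRET):
        raise ValueError("forged or corrupted response")
    code, _, _, attrs = parse_packet(response)
    return code, dict(attrs)[REPLY_MESSAGE].decode()


if __name__ == "__main__":
    print(demo())
```

The password hiding is reversible by anyone holding the shared secret and is keyed with MD5, which is why RADIUS between the NAS and the gateway belongs on an isolated network, IPsec, or RadSec (RADIUS over TLS) rather than the open LAN.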