--- title: Application Flow Policy Assignments description: Flow policy assignment endpoints manage the flow policies associated with the specified application. An application can have zero or more flow policies assigned to it that determine how users are authenticated. The number of flow policies assigned to an application also controls how the authentication flow progresses. component: pingone-api page_id: pingone-api:platform:applications/application-flow-policy-assignments canonical_url: https://developer.pingidentity.com/pingone-api/platform/applications/application-flow-policy-assignments.html section_ids: no-flow-policy-assignments: No flow policy assignments one-flow-policy-assignment: One flow policy assignment two-or-more-flow-policy-assignments: Two or more flow policy assignments flow-policies-and-the-pingone-application-portal: Flow policies and the PingOne application portal application-flow-policy-assignments-data-model: Application flow policy assignments data model flow-policy-events-generated: Flow Policy events generated response-codes: Response codes --- # Application Flow Policy Assignments Flow policy assignment endpoints manage the flow policies associated with the specified application. An application can have zero or more flow policies assigned to it that determine how users are authenticated. The number of flow policies assigned to an application also controls how the authentication flow progresses. ## No flow policy assignments Applications that have no flow policy assignments use the environment resource's default sign-on policy to authenticate users (or a designated sign-on policy assignment). ## One flow policy assignment Applications that have one flow policy assignment always use that flow policy to authenticate users. ## Two or more flow policy assignments If an application has two or more assigned flow policies, the authentication flow uses the flow policy with the highest priority (priority 1) first. If authentication is successful, the flow is complete. If authentication fails, the flow initiates the flow policy with the next highest priority. The flow continues until one of the assigned flow policies completes successfully or all policies have been tried and failed. OIDC applications can request a lower-priority policy by using the `acr_values` OIDC parameter with the desired PingOne authentication name or DaVinci flow policy ID. Refer to [OpenID Connect/OAuth2 data model](applications-1.html#applications-oidc-settings-data-model). SAML applications can request a lower-priority policy by sending a SAML 2.0 authentication request with the `RequestedAuthnContext` parameter, where the value indicates the desired PingOne authentication name or DaVinci flow policy ID. Note that the `enableRequestAuthnContext` must be set to `true` for the SAML application. Refer to [SAML settings data model](applications-1.html#applications-saml-settings-data-model). ## Flow policies and the PingOne application portal If the PingOne application portal is not configured with any flow policies, it will use the default PingOne policy. You can apply policies other than the default to the PingOne application portal by appending the `policy` query parameter to your Application Portal Home Page URL. For example, the Home Page URL `https://apps.pingone.com//myapps/` would become `https://apps.pingone.com//myapps/?policy=`, where `` is the name of a configured PingOne policy, or the ID of a configured DaVinci flow policy. If the policy name or ID doesn't match any configured policy, then PingOne returns an error. ## Application flow policy assignments data model | Property | Type | Required? | Mutable? | Description | | ---------------- | ------- | --------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `application.id` | String | Required | Read only | A string that specifies the application resource ID associated with the flow policy assignment. | | `environment.id` | String | Required | Read only | A string that specifies the environment associated with the application. | | `flowPolicy.id` | String | Required | Mutable | A string that specifies the flow policy resource ID associated with the flow policy assignment. | | `id` | String | Required | Read only | A string that specifies the flow policy assignment resource's unique identifier. | | `priority` | Integer | Required | Mutable | The order in which the policy referenced by this assignment is evaluated during an authentication flow relative to other policies. An assignment with a lower priority will be evaluated first. | ## Flow Policy events generated Refer to [Audit Reporting Events](../reference/audit-reporting-events.html) for the events generated. ## Response codes | Code | Message | | ---- | --------------------------------------------------------------------- | | 200 | Successful operation. | | 201 | Successfully created. | | 204 | Successfully removed. No content. | | 400 | The request could not be completed. | | 401 | You do not have access to this resource. | | 403 | You do not have permissions or are not licensed to make this request. | | 404 | The requested resource was not found. | | 500 | An unexpected error occurred. | > **Collapse: Related topics** > > * [Flow Policies](../flow-policies.html)