Capabilities

The capabilities service provides operations to determine what an organization or an environment is capable of doing within PingOne with respect to:

The organization’s current PingOne license.
The current utilization of PingOne resources.
The current PingOne system limits.
The products and services included in the environment’s bill of materials.

The Capabilities service is closely associated with the Licenses and Bill of Materials (BOM) services. The PingOne license and BOM identify the Ping Identity products associated with your organization and environment, but these services do not enumerate the specific actions you can perform. You can use the capabilities service to check the capabilities provided by the current license and the environment’s BOM. For example, if the organization-level capability canCreateEnvironment is set to true, it shows that the license grants you the capability to create new environments. Likewise, there can be numerous capabilities at the environment level, depending on the products in the BOM. The following list shows some of the actions that you might be able to perform:

"canUseCredentials": false,
"canUseCredentialsPushNotifications": false,
"canUseCustomSchema": true,
"canUseDaVinciAdminPortal": true,

In this case, you can implement a custom user schema and you can access the DaVinci admin portal, but you cannot perform actions that use credentials or credential-based push notifications.

Capabilities events generated

Refer to Audit Reporting Events for the events generated.

Organization capabilities data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`assignableLicenses.allowProduction`	Boolean	N/A	Read-only	Whether the license allows production environments.
`assignableLicenses.beginsAt`	Date	N/A	Read-only	When the license period starts.
`assignableLicenses.expiresAt`	Date	N/A	Read-only	When the license period ends.
`assignableLicenses.id`	String	N/A	Read-only	The license ID for a license that can be assigned to the organization.
`assignableLicenses.name`	String	N/A	Read-only	The name of a license that can be assigned to the organization.
`assignableLicenses.supportedRegions`	Array [String]	N/A	Read-only	The names of the supported regions for a license that can be assigned to the organization.
`canContactSupport`	Boolean	N/A	Read-only	Whether the organization can contact PingOne support.
`canCreateEnvironment`	Boolean	N/A	Read-only	Whether the organization can create an environment. A return value of `false` specifies that the organization’s maximum number of environments has been reached.
`canCreateEphemeralTrialLicenses`	Boolean	N/A	Read-only	Whether the organization can create short-term trial licenses.
`canUsePlatform`	Boolean	N/A	Read-only	The status of the associated license. Return values are `true` (ACTIVE) and `false` (TERMINATED).
`organizationId`	String	N/A	Read-only	The ID of the organization.

assignableLicenses.allowProduction

Boolean

N/A

Read-only

Whether the license allows production environments.

assignableLicenses.beginsAt

Date

N/A

Read-only

When the license period starts.

assignableLicenses.expiresAt

Date

N/A

Read-only

When the license period ends.

assignableLicenses.id

String

N/A

Read-only

The license ID for a license that can be assigned to the organization.

assignableLicenses.name

String

N/A

Read-only

The name of a license that can be assigned to the organization.

assignableLicenses.supportedRegions

Array [String]

N/A

Read-only

The names of the supported regions for a license that can be assigned to the organization.

canContactSupport

Boolean

N/A

Read-only

Whether the organization can contact PingOne support.

canCreateEnvironment

Boolean

N/A

Read-only

Whether the organization can create an environment. A return value of false specifies that the organization’s maximum number of environments has been reached.

canCreateEphemeralTrialLicenses

Boolean

N/A

Read-only

Whether the organization can create short-term trial licenses.

canUsePlatform

Boolean

N/A

Read-only

The status of the associated license. Return values are true (ACTIVE) and false (TERMINATED).

organizationId

String

N/A

Read-only

The ID of the organization.

Environment capabilities data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`canAddResources`	Boolean	N/A	Read-only	Whether the license supports creation of resources in the specified environment.
`canAssignUsersRoles`	Boolean	N/A	Read-only	Whether the license supports role assignments in the specified environment.
`canContactSupport`	Boolean	N/A	Read-only	Whether the license allows contact of PingOne Support.
`canCreateConnections`	Boolean	N/A	Read-only	Whether the license supports creation of a application connections in the specified environment.
`canCreateCustomDomain`	Boolean	N/A	Read-only	Whether the license supports creation of a custom domain in the specified environment.
`canPromoteToProd`	Boolean	N/A	Read-only	Whether the environment’s `type` property can be promoted from `SANDBOX` to `PRODUCTION`.
`canSendMfaNotificationsOutsideWhitelist`	Boolean	N/A	Read-only	Whether the license supports sending notifications outside of the environment’s whitelist.
`canSendPasswordManagementNotifications`	Boolean	N/A	Read-only	Whether the license supports sending password management notifications.
`canSendVerificationFlowNotifications`	Boolean	N/A	Read-only	Whether the license supports sending verification flow notifications.
`canUseAadhaar`	Boolean	N/A	Read-only	Whether the license supports using Aadhaar verification transactions.
`canUseAamva`	Boolean	N/A	Read-only	Whether the license supports using additional verification support with American Association of Motor Vehicle Administrators (AAMVA).
`canUseAccountProtection`	Boolean	N/A	Read-only	Whether the license supports using account protection.
`canUseAccountTakeoverDetection`	Boolean	N/A	Read-only	Whether the license supports using account takeover detection.
`canUseApiAccessManagement`	Boolean	N/A	Read-only	Whether the license supports using API Access Management services.
`canUseBotMaliciousDeviceDetection`	Boolean	N/A	Read-only	Whether the license supports using malicious BOT device detection capabilities.
`canUseCredentialSharingDetection`	Boolean	N/A	Read-only	Whether the license supports using credential sharing detection capabilities.
`canUseCredentials`	Boolean	N/A	Read-only	Whether the license supports using credentials services.
`canUseCredentialsPushNotifications`	Boolean	N/A	Read-only	Whether the license supports using credentials push notifications services.
`canUseCustomSchema`	Boolean	N/A	Read-only	Whether the license supports using custom schema tributes in the specified environment.
`canUseDataBasedVerifications`	Boolean	N/A	Read-only	Whether the license supports using data-based identity verification from TransUnion for the U.S.
`canUseDaVinciAdminPortal`	Boolean	N/A	Read-only	Whether the license supports using the DaVinci admin portal.
`canUseDataAnalyticsSupport`	Boolean	N/A	Read-only	Whether the license supports using data analytics support services.
`canUseDigitalVerifications`	Boolean	N/A	Read-only	Whether the license supports using digital verifications services.
`canUseDocumentMatch`	Boolean	N/A	Read-only	Whether the license supports using document match services.
`canUseDynamicAuthorization`	Boolean	N/A	Read-only	Whether the license supports using dynamic authorization services.
`canUseEmailOtp`	Boolean	N/A	Read-only	Whether the license supports using email OTP capabilities.
`canUseFaceMatch`	Boolean	N/A	Read-only	Whether the license supports using face match capabilities.
`canUseFraudDataEnrichment`	Boolean	N/A	Read-only	Whether the license supports using fraud data enrichment capabilities.
`canUseIdentities`	Boolean	N/A	Read-only	Whether the license supports using identities.
`canUseIdentityProviders`	Boolean	N/A	Read-only	Whether the license supports using external identity providers in the specified environment.
`canUseInboundProvisioning`	Boolean	N/A	Read-only	Whether the license supports using inbound provisioning services.
`canUseIntelligence`	Boolean	N/A	Read-only	Whether the license supports using PingIntellegence capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.
`canUseIntelligenceAdvancedPredictors`	Boolean	N/A	Read-only	Whether the license supports using PingIntellegence advanced predictors capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.
`canUseIntelligenceAnonymousNetworkDetection`	Boolean	N/A	Read-only	Whether the license supports using PingIntellegence anonymous network detection capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.
`canUseIntelligenceDataConsent`	Boolean	N/A	Mutable	Whether the customer consents to user and event behavior analytics (UEBA) collection capabilities in the specified environment. This capability applies to the PingOne Protect product.
`canUseIntelligenceGeoVelocity`	Boolean	N/A	Read-only	Whether the license supports using PingIntellegence geovelocity capabilities in the specified environment when a geovelocity anomaly is detected. This capability applies to the PingOne Platform and PingOne MFA products.
`canUseIntelligenceProtect`	Boolean	N/A	Read-only	Whether the license supports using protect capabilities in the specified environment. This capability applies to the PingOne Protect product.
`canUseIntelligenceReputation`	Boolean	N/A	Read-only	Whether the license supports using PingIntellegence reputation capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.
`canUseIntelligenceRisk`	Boolean	N/A	Read-only	Whether the license supports using Risk capabilities in the specified environment. This capability applies to the PingOne Protect product.
`canUseKerberosGateway`	Boolean	N/A	Read-only	Whether the license supports using Kerberos gateway services.
`canUseLdapGateway`	Boolean	N/A	Read-only	Whether the license supports using LDAP gateway services.
`canUseManualIDStepUpInspection`	Boolean	N/A	Read-only	Whether the license supports using manual ID step-up inspection services.
`canUseManualIdInspection`	Boolean	N/A	Read-only	Whether the license supports using manual ID inspection services.
`canUseMfa`	Boolean	N/A	Read-only	Whether the license supports using MFA in the specified environment.
`canUseMfaFido2Devices`	Boolean	N/A	Read-only	Whether the license supports MFA operations on FIDO2 devices.
`canUseMfaPushNotifications`	Boolean	N/A	Read-only	Whether the license supports MFA push authentication for native applications in the specified environment.
`canUseMfaVoiceOtp`	Boolean	N/A	Read-only	Whether the license supports MFA voice OTP for native applications in the specified environment.
`canUseMyAccount`	Boolean	N/A	Read-only	Whether the license supports using the My Account capabilities in the specified environment.
`canUseNewAccountFraudDetection`	Boolean	N/A	Read-only	Whether the license supports using new account fraud detection capabilities in the specified environment.
`canUseOrchestration`	Boolean	N/A	Read-only	Whether the license supports using orchestration capabilities in the specified environment.
`canUsePasswordManagement`	Boolean	N/A	Read-only	Whether the license supports using password management capabilities in the specified environment.
`canUsePasswordOnlyAuthentication`	Boolean	N/A	Read-only	Whether the license supports using password only login capabilities in the specified environment.
`canUsePasswordPolicy`	Boolean	N/A	Read-only	Whether the license supports using password policies in the specified environment.
`canUsePlatform`	Boolean	N/A	Read-only	The status of the associated license. Return values are `true` (ACTIVE) and `false` (TERMINATED).
`canUseProtectTransactions`	Boolean	N/A	Read-only	Whether the license supports using protect transaction capabilities in the specified environment.
`canUseProvisioning`	Boolean	N/A	Read-only	Whether the license supports using provisioning capabilities in the specified environment.
`canUseRadiusGateway`	Boolean	N/A	Read-only	Whether the license supports using radius gateway services.
`canUseSmsOtp`	Boolean	N/A	Read-only	Whether the license supports using SMS OTP capabilities.
`canUseTotp`	Boolean	N/A	Read-only	Whether the license supports using TOTP capabilities.
`canUseVerificationFlow`	Boolean	N/A	Read-only	Whether the license supports using verification flows in the specified environment.
`canUseVerify`	Boolean	N/A	Read-only	Whether the license supports using Verify in the specified environment.
`canUseVerifyPushNotifications`	Boolean	N/A	Read-only	Whether the license supports using verify push notifictions capabilities in the specified environment.
`canUseVerifyVoice`	Boolean	N/A	Read-only	Whether the license supports using verify voice capabilities in the specified environment.
`canUseVoiceBiometrics`	Boolean	N/A	Read-only	Whether the license supports using biometric voice capabilities in the specified environment.
`canUseUniversalCapture`	Boolean	N/A	Read-only	Whether the license supports using universal capture capabilities in the specified environment.
`canUsersUpdateSelf`	Boolean	N/A	Read-only	Whether the license supports allowing users to update their own profile.
`environmentId`	String	N/A	Read-only	The ID of the environment.

canAddResources

Boolean

N/A

Read-only

Whether the license supports creation of resources in the specified environment.

canAssignUsersRoles

Boolean

N/A

Read-only

Whether the license supports role assignments in the specified environment.

canContactSupport

Boolean

N/A

Read-only

Whether the license allows contact of PingOne Support.

canCreateConnections

Boolean

N/A

Read-only

Whether the license supports creation of a application connections in the specified environment.

canCreateCustomDomain

Boolean

N/A

Read-only

Whether the license supports creation of a custom domain in the specified environment.

canPromoteToProd

Boolean

N/A

Read-only

Whether the environment’s type property can be promoted from SANDBOX to PRODUCTION.

canSendMfaNotificationsOutsideWhitelist

Boolean

N/A

Read-only

Whether the license supports sending notifications outside of the environment’s whitelist.

canSendPasswordManagementNotifications

Boolean

N/A

Read-only

Whether the license supports sending password management notifications.

canSendVerificationFlowNotifications

Boolean

N/A

Read-only

Whether the license supports sending verification flow notifications.

canUseAadhaar

Boolean

N/A

Read-only

Whether the license supports using Aadhaar verification transactions.

canUseAamva

Boolean

N/A

Read-only

Whether the license supports using additional verification support with American Association of Motor Vehicle Administrators (AAMVA).

canUseAccountProtection

Boolean

N/A

Read-only

Whether the license supports using account protection.

canUseAccountTakeoverDetection

Boolean

N/A

Read-only

Whether the license supports using account takeover detection.

canUseApiAccessManagement

Boolean

N/A

Read-only

Whether the license supports using API Access Management services.

canUseBotMaliciousDeviceDetection

Boolean

N/A

Read-only

Whether the license supports using malicious BOT device detection capabilities.

canUseCredentialSharingDetection

Boolean

N/A

Read-only

Whether the license supports using credential sharing detection capabilities.

canUseCredentials

Boolean

N/A

Read-only

Whether the license supports using credentials services.

canUseCredentialsPushNotifications

Boolean

N/A

Read-only

Whether the license supports using credentials push notifications services.

canUseCustomSchema

Boolean

N/A

Read-only

Whether the license supports using custom schema tributes in the specified environment.

canUseDataBasedVerifications

Boolean

N/A

Read-only

Whether the license supports using data-based identity verification from TransUnion for the U.S.

canUseDaVinciAdminPortal

Boolean

N/A

Read-only

Whether the license supports using the DaVinci admin portal.

canUseDataAnalyticsSupport

Boolean

N/A

Read-only

Whether the license supports using data analytics support services.

canUseDigitalVerifications

Boolean

N/A

Read-only

Whether the license supports using digital verifications services.

canUseDocumentMatch

Boolean

N/A

Read-only

Whether the license supports using document match services.

canUseDynamicAuthorization

Boolean

N/A

Read-only

Whether the license supports using dynamic authorization services.

canUseEmailOtp

Boolean

N/A

Read-only

Whether the license supports using email OTP capabilities.

canUseFaceMatch

Boolean

N/A

Read-only

Whether the license supports using face match capabilities.

canUseFraudDataEnrichment

Boolean

N/A

Read-only

Whether the license supports using fraud data enrichment capabilities.

canUseIdentities

Boolean

N/A

Read-only

Whether the license supports using identities.

canUseIdentityProviders

Boolean

N/A

Read-only

Whether the license supports using external identity providers in the specified environment.

canUseInboundProvisioning

Boolean

N/A

Read-only

Whether the license supports using inbound provisioning services.

canUseIntelligence

Boolean

N/A

Read-only

Whether the license supports using PingIntellegence capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.

canUseIntelligenceAdvancedPredictors

Boolean

N/A

Read-only

Whether the license supports using PingIntellegence advanced predictors capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.

canUseIntelligenceAnonymousNetworkDetection

Boolean

N/A

Read-only

Whether the license supports using PingIntellegence anonymous network detection capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.

canUseIntelligenceDataConsent

Boolean

N/A

Mutable

Whether the customer consents to user and event behavior analytics (UEBA) collection capabilities in the specified environment. This capability applies to the PingOne Protect product.

canUseIntelligenceGeoVelocity

Boolean

N/A

Read-only

Whether the license supports using PingIntellegence geovelocity capabilities in the specified environment when a geovelocity anomaly is detected. This capability applies to the PingOne Platform and PingOne MFA products.

canUseIntelligenceProtect

Boolean

N/A

Read-only

Whether the license supports using protect capabilities in the specified environment. This capability applies to the PingOne Protect product.

canUseIntelligenceReputation

Boolean

N/A

Read-only

Whether the license supports using PingIntellegence reputation capabilities in the specified environment. This capability applies to the PingOne Platform and PingOne MFA products.

canUseIntelligenceRisk

Boolean

N/A

Read-only

Whether the license supports using Risk capabilities in the specified environment. This capability applies to the PingOne Protect product.

canUseKerberosGateway

Boolean

N/A

Read-only

Whether the license supports using Kerberos gateway services.

canUseLdapGateway

Boolean

N/A

Read-only

Whether the license supports using LDAP gateway services.

canUseManualIDStepUpInspection

Boolean

N/A

Read-only

Whether the license supports using manual ID step-up inspection services.

canUseManualIdInspection

Boolean

N/A

Read-only

Whether the license supports using manual ID inspection services.

canUseMfa

Boolean

N/A

Read-only

Whether the license supports using MFA in the specified environment.

canUseMfaFido2Devices

Boolean

N/A

Read-only

Whether the license supports MFA operations on FIDO2 devices.

canUseMfaPushNotifications

Boolean

N/A

Read-only

Whether the license supports MFA push authentication for native applications in the specified environment.

canUseMfaVoiceOtp

Boolean

N/A

Read-only

Whether the license supports MFA voice OTP for native applications in the specified environment.

canUseMyAccount

Boolean

N/A

Read-only

Whether the license supports using the My Account capabilities in the specified environment.

canUseNewAccountFraudDetection

Boolean

N/A

Read-only

Whether the license supports using new account fraud detection capabilities in the specified environment.

canUseOrchestration

Boolean

N/A

Read-only

Whether the license supports using orchestration capabilities in the specified environment.

canUsePasswordManagement

Boolean

N/A

Read-only

Whether the license supports using password management capabilities in the specified environment.

canUsePasswordOnlyAuthentication

Boolean

N/A

Read-only

Whether the license supports using password only login capabilities in the specified environment.

canUsePasswordPolicy

Boolean

N/A

Read-only

Whether the license supports using password policies in the specified environment.

canUsePlatform

Boolean

N/A

Read-only

The status of the associated license. Return values are true (ACTIVE) and false (TERMINATED).

canUseProtectTransactions

Boolean

N/A

Read-only

Whether the license supports using protect transaction capabilities in the specified environment.

canUseProvisioning

Boolean

N/A

Read-only

Whether the license supports using provisioning capabilities in the specified environment.

canUseRadiusGateway

Boolean

N/A

Read-only

Whether the license supports using radius gateway services.

canUseSmsOtp

Boolean

N/A

Read-only

Whether the license supports using SMS OTP capabilities.

canUseTotp

Boolean

N/A

Read-only

Whether the license supports using TOTP capabilities.

canUseVerificationFlow

Boolean

N/A

Read-only

Whether the license supports using verification flows in the specified environment.

canUseVerify

Boolean

N/A

Read-only

Whether the license supports using Verify in the specified environment.

canUseVerifyPushNotifications

Boolean

N/A

Read-only

Whether the license supports using verify push notifictions capabilities in the specified environment.

canUseVerifyVoice

Boolean

N/A

Read-only

Whether the license supports using verify voice capabilities in the specified environment.

canUseVoiceBiometrics

Boolean

N/A

Read-only

Whether the license supports using biometric voice capabilities in the specified environment.

canUseUniversalCapture

Boolean

N/A

Read-only

Whether the license supports using universal capture capabilities in the specified environment.

canUsersUpdateSelf

Boolean

N/A

Read-only

Whether the license supports allowing users to update their own profile.

environmentId

String

N/A

Read-only

The ID of the environment.

Response codes

Code	Message
200	Successful operation.
400	The request could not be completed.
401	You do not have access to this resource.
403	You do not have permissions or are not licensed to make this request.
404	The requested resource was not found.

You need Organization Admin role or the Environment Admin role to get the capabilities for an organization or an environment, respectively. For more information about roles, refer to Roles.

PingOne Platform APIs

Capabilities

Capabilities events generated

Organization capabilities data model

Environment capabilities data model

Response codes