Changelog

The following changes have been made to the PingOne APIs or the associated SDKs, by year.

2026
2025
2024

2026

Release Date Description

Release Date	Description
Jan 15, 2026	When defining FIDO policies, you can now use the new object `userVerification.pinRequirement` to set a minimum PIN code length for devices. For details, refer to the FIDO policies data model and the Create FIDO Policy - specific authenticators example.
Jan 12, 2026	For Microsoft 365 applications, you can now specify the Assertion Validity Duration (the `assertionDuration` property). This setting controls the expiration time for the SAML assertion in passive profile sign-on requests. We’ve also added support for WS-Trust (Web Services Trust) 1.3 for Microsoft 365 applications. These options are supported when Advanced Configuration is enabled. For details, refer to Applications WS-Federation settings data model.

Jan 15, 2026

When defining FIDO policies, you can now use the new object userVerification.pinRequirement to set a minimum PIN code length for devices. For details, refer to the FIDO policies data model and the Create FIDO Policy - specific authenticators example.

Jan 12, 2026

For Microsoft 365 applications, you can now specify the Assertion Validity Duration (the assertionDuration property). This setting controls the expiration time for the SAML assertion in passive profile sign-on requests. We’ve also added support for WS-Trust (Web Services Trust) 1.3 for Microsoft 365 applications. These options are supported when Advanced Configuration is enabled.

For details, refer to Applications WS-Federation settings data model.

2025

Release Date Description

Release Date	Description
Dec 7, 2025	To reduce the likelihood of PingOne email notifications getting flagged as spam when you are using Ping Identity as the notification sender, you can use the new endpoint mailFromDomain to define a custom MAIL FROM domain for trusted email domains that you have configured. Specifying a MAIL FROM domain results in SPF alignment with the FROM header, reducing the chances that the DMARC check will fail. You can find details in Custom MAIL FROM domains, and in the relevant PUT, GET, and DELETE examples.
Nov 25, 2025	Voice Verification capability within PingOne Verify is deprecated and will be removed Oct 17, 2026.
Nov 17, 2025	The platform now supports incoming customer-configuration data on requests to customer environments. You can define multiple inbound traffic policies that identify specific clients and the structure of their requests. For detailed information, refer to Inbound Traffic Policies.
Oct 28, 2025	The platform includes an `mtlsEnabled` property on custom domains to specifies whether the custom domain supports the use of mTLS when establishing connections to PingOne. Refer to Custom Domains.
Oct 22, 2025	The platform now includes endpoints to import and export forms. Refer to Import Form and Export Form.
Oct 22, 2025	The platform now includes endpoints to retrieve authorization server metadata. Refer to OAuth 2.0 Authorization Server Metadata and OAuth 2.0 Authorization Server Metadata (custom domain).
Oct 20, 2025	We’ve published the PingOne Universal Services collections (PingOne Authorize, PingOne DaVinci, PingOne MFA, PingOne Credentials, and PingOne Protect) as independent documentation sets. All are linked from the PingOne Platform API Reference.
Sep 24, 2025	PingOne Verify removed limits per user, both per hour and per day. Therefore, Reset Verification, which resets the verification limits of a user, is deprecated and will be removed Sep 24, 2026.
Sep 15, 2025	We’ve added support for the new Rate Limiting feature. Rate entitlement enforcement will begin at some point after September 2025. You can use the API Usage Dashboard now to track your usage, and determine if the existing entitlements will be sufficient to meet the needs of your business when enforcement starts. Refer to Rate Limiting for more information.
Sep 2, 2025	When defining a custom provider for SMS/voice or email notifications from PingOne, you can now also use providers that require authentication with OAuth 2 or a custom header. For details, see the Create Phone Delivery Settings (custom, OAUTH2) example, the Create Phone Delivery Settings (custom, custom header) example, the Email delivery settings data model under Email Delivery Settings, and the Custom provider phone delivery settings properties (excluding Twilio and Syniverse) table under Phone Delivery Settings.
Aug 27, 2025	We’ve added support for RFC 7914 for Scrypt password encoding. This encoding is used in our new `SCRYPT_RFC7914` identifier to distinguish it from the earlier encoding (still supported) using the `SCRYPT` identifier. Refer to Password encoding for more information.
Aug 19, 2025	For the User-based Risk Behavior predictor, you can now include the new field `shouldDetectCompromisedAccount` if you want PingOne to attempt to detect compromised user accounts and take this into account when calculating the risk level for this predictor. In cases where there are indications that the user’s account has been compromised, `result.recommendedAction` is returned with a value of ACCOUNT_RECOVERY. For details, refer to Risk Predictors.
Aug 13, 2025	For PingOne environments where PingID accounts have been integrated, you can now include the PingID-specific authentication methods such as the PingID app in your device authentication policies. For details, refer to Device Authentication Policies and the Update Device Authentication Policy (env with PingID integration) example.
Aug 10, 2025	For mobile applications, a new parameter called `passcodeGracePeriod` has been added to allow you to customize the grace period during which the passcode can still be used even after the passcode has been refreshed. For details, refer to the Applications OIDC settings data model.
Jul 27, 2025	For PingOne email notifications, you can now use the new `emailProviderFallbackChain` field to switch back to using the Ping server without losing the settings for the custom server/provider that you defined. For details, refer to Notifications settings.
Jul 23, 2025	The platform now supports a Forms component setting to control the visibility of a form field. For more information, refer to FormField data model.
Jul 14, 2025	OIDC-based applications in PingOne can now request an access token that accesses scopes from multiple custom resources in a single request. For more information, refer to Applications OIDC settings data model and Resource Scopes.
Jul 7, 2025	For applications of type `PORTAL_LINK_APP`, you can now specify an external ID for the application. For details, refer to the description of the new `externalId` field in the Applications base data model.
Jul 7, 2025	You can now use Targeted risk policies to define risk policies for different "targets" - combinations of transaction types, user groups, and applications that are being accessed. When a risk evaluation is carried out, these targeted policies are processed in the order that you specified. PingOne Protect uses the first policy whose conditions (transaction type, user group, application) are met. For details, refer to Targeted risk policies under Risk Policies, the Create Risk Policy Set - Targeted Policy with Mitigations example, and the Create Risk Evaluation (using targeted risk policies) example.
Jul 7, 2025	You can now include mitigations in your risk policies. In this context, a mitigation is an action that you recommend if a given condition is met, for example, deny access if the email reputation predictor indicates high risk. In situations where the condition is met, the action that you recommended be taken is returned in the risk evaluation response as the value of the `result.mitigations[].action` field. For details, refer to Using mitigations in your policies and Risk policies data model under Risk Policies, and the Create Risk Policy Set - Targeted Policy with Mitigations example.
Jul 2, 2025	We’ve added a new role, Help Desk Admin, to manage user MFA methods and devices, and reset passwords to resolve any account lockouts. Refer to Built-in Admin Roles and PingOne Role Permissions for more information.
Jun 30, 2025	The platform now supports the SG (Singapore) region. For details, refer to Working with PingOne APIs.
Jun 25, 2025	Added the `opSessionCheckEnabled` application property to support OIDC session management. For more information see, OIDC Session Management and the Applications OIDC settings data model.
Jun 24, 2025	We now support the Czech language for language translations. Refer to Language Translations for more information.
Jun 17, 2025	It is now possible to send PingOne notifications via Twilio Verify, and you can use any Verify templates that you have defined. For details, refer to Phone Delivery Settings, the Content Properties table under Notifications Templates, and the following Postman examples: Create Phone Delivery Settings (Twilio Verify), Read One Phone Delivery Settings (include Verify templates), and Create SMS Content (including Twilio Verify template).
Jun 3, 2025	We’ve added the `virtualServerSettings` properties for SAML applications, enabling you to use multiple self-identifiers when connecting to the same SAML application. Refer to Applications SAML settings data model for details.
May 27, 2025	We’ve added the `logoutType` property, enabling you to specify either OIDC_RP_INITIATED or SAML2_SLO when logging out of applications of type PING_ONE_SELF_SERVICE or PING_ONE_PORTAL (Application Portal). Refer to the OIDC data model settings for PING_ONE_SELF_SERVICE and PING_ONE_PORTAL for details.
May 13, 2025	When creating a FIDO policy, you can now specify that it requires enterprise attestation to verify that the authenticator being used was provided by the organization. For details, refer to the Create FIDO Policy - FIDO-certified and enterprise example and the FIDO policies data model.
May 13, 2025	When creating a FIDO policy, you can use the new `userDisplayNameAttributes.suffix` field to include the PingOne environment name and/or the PingOne organization name in the popup window that is displayed when a user adds a passkey as an authentication method. For details, refer to the FIDO policies data model.
May 11, 2025	The use of OATH tokens as an authentication method, which was introduced a number of months ago for environments where PingID accounts were integrated, is now available for all PingOne environments that include the PingOne MFA or PingID services. You can use the `oathTokens` endpoint to add OATH tokens to the environment and carry out actions such as revoking or resyncing tokens. For For details, refer to OATH tokens and the Create MFA User Device (OATH token) example.
Apr 30, 2025	You can now soft-delete PingOne `PRODUCTION` environments, making the environment non-operational for a waiting period before it can be deleted. This is to help protect you from inadvertently deleting a Production environment. Refer to Environments and Deleting Environments for more information.
Apr 30, 2025	The `TEXTBLOB` form field type (`fieldTypes` property) has been deprecated. Refer to Forms for more information.
Apr 29, 2025	We’ve published a new Getting Started guide for the PingOne Platform APIs, and removed the existing Tutorial guide (the Getting Started guide now covers this information). Refer to PingOne for Developers Getting Started.
Apr 28, 2025	In your notification policies, you can now define waiting periods before users can request another notification such as another OTP, as well as a maximum number of such requests before the user is temporarily locked out. Refer to the new `cooldownConfiguration` object in Notification Policies and the Create Notification Policy / Environment example.
Apr 28, 2025	Your MFA policies can now include WhatsApp as an authentication method. For details, refer to Instant Messaging Delivery Settings, the Offline device (SMS, voice, email, WhatsApp) authentication policy data model in Device Authentication Policies, and the Create WhatsApp Content example.
Apr 22, 2025	The platform now supports the x5t signature header in the signed JWT. Refer to Applications OIDC settings data model.
Apr 22, 2025	The platform now supports configuration options for Davinci flow execution using the PingOne authorize endpoint in which the response returns JSON. Refer to DaVinci Flow Executions.
Apr 21, 2025	The platform now supports DaVinci Admin API operations through the PingOne API resource server to manage DaVinci workflow configuration. Refer to DaVinci Admin APIs for links to all available services.
Apr 7, 2025	We’ve added Early Access Features APIs enabling you to adopt and provide feedback on PingOne features before the General Availability release. Refer to Early Access Features for more information.
Apr 2, 2025	You can now specify that a mobile push requires the user to match a number that they were shown when requesting access. To enable the option for an application, use the new `push.numberMatching.enabled` property in your MFA policy. Refer to Device Authentication Policies. To control how the user performs the matching - selection from a group of three numbers or manually entering the number - use the `push.numberMatching.type` property when configuring the mobile settings for the application. Refer to Application Operations.
Apr 2, 2025	You can now cancel an authentication process that has already begun. This can be used in situations where a user decides they want to use a different authentication device. For details, refer to the Cancel Device Authentication and Cancel Authentication Flow examples.
Mar 25, 2025	When using the `devices` endpoint to request details of a single MFA device or all MFA devices, responses for activated FIDO2 devices can now include the AAGUID for the type of authenticator. For details, refer to the new `fidoDeviceMetadata` object in MFA devices.
Mar 18, 2025	When configuring an MFA policy, you can now specify for FIDO2 devices the maximum number of times authentication can fail before the user is blocked temporarily, and how long the user should be blocked. Refer to the new `fido2.failure` object in Device Authentication Policies.
Mar 10, 2025	ID tokens now include a new claim called `p1.mfa_device_id`, the ID of the device that was used to authenticate. Refer to ID Token claims.
Mar 4, 2025	For workforce contexts, risk evaluations can now include the new PingID Device Trust predictor. For details, refer to Risk Predictors and the Create Risk Evaluation (includes device trust predictor) example.
Feb 25, 2025	When determining the language to use for a notification, PingOne now also takes into consideration the Accept-Language header in the request. For details, refer to Runtime logic for content selection in Notifications Templates.
Feb 25, 2025	When creating or updating an MFA policy, you can now specify the notification policy that should be used with the MFA policy by using the new `notificationsPolicy.id` field. Refer to Device Authentication Policies and the Create Device Authentication Policy example.
Feb 24, 2025	In MFA policies, you can now include a "remember me" option so that users do not have to authenticate when accessing applications from a device they have used before. Refer to the new `rememberMe` object in Device Authentication Policies and the implementation instructions in Remembered Devices.
Feb 18, 2025	When creating or updating a population, if you do not specify a `theme.id` value in your request, the default theme for the current environment is used. Refer to Create Population and Update Population.
Feb 12, 2025	The platform supports token fulfillment in PingOne, enabling admins to map attributes from a source’s authentication JWT to the PingOne generated token to improve interoperability with OIDC applications. Refer to Use an authentication JWT for token fulfillment.
Feb 5, 2025	You can now define multiple custom providers to use for SMS / voice notifications. In environments with more than one custom provider, you can specify in your notification policies the order of provider preference to use in different geographical locations. For details, refer to the new `providerConfiguration` object in Notification Policies.
Jan 28, 2025	We’ve added the ability for an OIDC application to request to terminate a user session from the IdP associated with the user using only the ID token. Refer to GET IdP Signoff for details.
Jan 21, 2025	The platform now supports the `LINKEDIN_OIDC` identity provider type to specify LinkedIn as an external identity provider. The `LINKEDIN` type is deprecated and will be removed from the platform in February, 2026. For details, refer to Create Identity Provider (LinkedIn OIDC).
Jan 13, 2025	PingOne Verify added an additional provider, Babel Street Rosette, to enhance matching of biographic data on submitted documents to corresponding data on verified records. A new request, Verify Identity Record Matching provides access to this provider outside the context of a verify transaction. This new request requires a specific license entitlement.
Jan 9, 2025	You can now define a period during which a specific user should be allowed to bypass MFA. Refer to Allow MFA Bypass for User.
Jan 9, 2025	For RADIUS gateways, support has been added for the EAP-MSCHAP v2 protocol. Also, to help block Blast RADIUS attacks, a new object called `blastRadiusMitigation` has been added. Refer to Gateway Management.
Jan 9, 2025	When defining FIDO policies, you can now include the new `publicKeyCredentialHints` array to provide public key credential hints to the browser in order to give priority to the authentication method that the user is most likely to use. For details, refer to FIDO Policies.
Jan 7, 2025	For PingOne environments where PingID accounts have been integrated, you can use the new `oathTokens ` endpoint to add OATH tokens to the environment and carry out actions such as revoking or resyncing tokens. For details, refer to OATH tokens and the Create MFA User Device (OATH token) example.

Dec 7, 2025

To reduce the likelihood of PingOne email notifications getting flagged as spam when you are using Ping Identity as the notification sender, you can use the new endpoint mailFromDomain to define a custom MAIL FROM domain for trusted email domains that you have configured. Specifying a MAIL FROM domain results in SPF alignment with the FROM header, reducing the chances that the DMARC check will fail. You can find details in Custom MAIL FROM domains, and in the relevant PUT, GET, and DELETE examples.

Nov 25, 2025

Voice Verification capability within PingOne Verify is deprecated and will be removed Oct 17, 2026.

Nov 17, 2025

The platform now supports incoming customer-configuration data on requests to customer environments. You can define multiple inbound traffic policies that identify specific clients and the structure of their requests. For detailed information, refer to Inbound Traffic Policies.

Oct 28, 2025

The platform includes an mtlsEnabled property on custom domains to specifies whether the custom domain supports the use of mTLS when establishing connections to PingOne. Refer to Custom Domains.

Oct 22, 2025

The platform now includes endpoints to import and export forms. Refer to Import Form and Export Form.

Oct 22, 2025

The platform now includes endpoints to retrieve authorization server metadata. Refer to OAuth 2.0 Authorization Server Metadata and OAuth 2.0 Authorization Server Metadata (custom domain).

Oct 20, 2025

We’ve published the PingOne Universal Services collections (PingOne Authorize, PingOne DaVinci, PingOne MFA, PingOne Credentials, and PingOne Protect) as independent documentation sets. All are linked from the PingOne Platform API Reference.

Sep 24, 2025

PingOne Verify removed limits per user, both per hour and per day. Therefore, Reset Verification, which resets the verification limits of a user, is deprecated and will be removed Sep 24, 2026.

Sep 15, 2025

We’ve added support for the new Rate Limiting feature. Rate entitlement enforcement will begin at some point after September 2025. You can use the API Usage Dashboard now to track your usage, and determine if the existing entitlements will be sufficient to meet the needs of your business when enforcement starts. Refer to Rate Limiting for more information.

Sep 2, 2025

When defining a custom provider for SMS/voice or email notifications from PingOne, you can now also use providers that require authentication with OAuth 2 or a custom header. For details, see the Create Phone Delivery Settings (custom, OAUTH2) example, the Create Phone Delivery Settings (custom, custom header) example, the Email delivery settings data model under Email Delivery Settings, and the Custom provider phone delivery settings properties (excluding Twilio and Syniverse) table under Phone Delivery Settings.

Aug 27, 2025

We’ve added support for RFC 7914 for Scrypt password encoding. This encoding is used in our new SCRYPT_RFC7914 identifier to distinguish it from the earlier encoding (still supported) using the SCRYPT identifier. Refer to Password encoding for more information.

Aug 19, 2025

For the User-based Risk Behavior predictor, you can now include the new field shouldDetectCompromisedAccount if you want PingOne to attempt to detect compromised user accounts and take this into account when calculating the risk level for this predictor. In cases where there are indications that the user’s account has been compromised, result.recommendedAction is returned with a value of ACCOUNT_RECOVERY. For details, refer to Risk Predictors.

Aug 13, 2025

For PingOne environments where PingID accounts have been integrated, you can now include the PingID-specific authentication methods such as the PingID app in your device authentication policies. For details, refer to Device Authentication Policies and the Update Device Authentication Policy (env with PingID integration) example.

Aug 10, 2025

For mobile applications, a new parameter called passcodeGracePeriod has been added to allow you to customize the grace period during which the passcode can still be used even after the passcode has been refreshed. For details, refer to the Applications OIDC settings data model.

Jul 27, 2025

For PingOne email notifications, you can now use the new emailProviderFallbackChain field to switch back to using the Ping server without losing the settings for the custom server/provider that you defined. For details, refer to Notifications settings.

Jul 23, 2025

The platform now supports a Forms component setting to control the visibility of a form field. For more information, refer to FormField data model.

Jul 14, 2025

OIDC-based applications in PingOne can now request an access token that accesses scopes from multiple custom resources in a single request. For more information, refer to Applications OIDC settings data model and Resource Scopes.

Jul 7, 2025

For applications of type PORTAL_LINK_APP, you can now specify an external ID for the application. For details, refer to the description of the new externalId field in the Applications base data model.

Jul 7, 2025

You can now use Targeted risk policies to define risk policies for different "targets" - combinations of transaction types, user groups, and applications that are being accessed. When a risk evaluation is carried out, these targeted policies are processed in the order that you specified. PingOne Protect uses the first policy whose conditions (transaction type, user group, application) are met. For details, refer to Targeted risk policies under Risk Policies, the Create Risk Policy Set - Targeted Policy with Mitigations example, and the Create Risk Evaluation (using targeted risk policies) example.

Jul 7, 2025

You can now include mitigations in your risk policies. In this context, a mitigation is an action that you recommend if a given condition is met, for example, deny access if the email reputation predictor indicates high risk. In situations where the condition is met, the action that you recommended be taken is returned in the risk evaluation response as the value of the result.mitigations[].action field. For details, refer to Using mitigations in your policies and Risk policies data model under Risk Policies, and the Create Risk Policy Set - Targeted Policy with Mitigations example.

Jul 2, 2025

We’ve added a new role, Help Desk Admin, to manage user MFA methods and devices, and reset passwords to resolve any account lockouts. Refer to Built-in Admin Roles and PingOne Role Permissions for more information.

Jun 30, 2025

The platform now supports the SG (Singapore) region. For details, refer to Working with PingOne APIs.

Jun 25, 2025

Added the opSessionCheckEnabled application property to support OIDC session management. For more information see, OIDC Session Management and the Applications OIDC settings data model.

Jun 24, 2025

We now support the Czech language for language translations. Refer to Language Translations for more information.

Jun 17, 2025

It is now possible to send PingOne notifications via Twilio Verify, and you can use any Verify templates that you have defined. For details, refer to Phone Delivery Settings, the Content Properties table under Notifications Templates, and the following Postman examples: Create Phone Delivery Settings (Twilio Verify), Read One Phone Delivery Settings (include Verify templates), and Create SMS Content (including Twilio Verify template).

Jun 3, 2025

We’ve added the virtualServerSettings properties for SAML applications, enabling you to use multiple self-identifiers when connecting to the same SAML application. Refer to Applications SAML settings data model for details.

May 27, 2025

We’ve added the logoutType property, enabling you to specify either OIDC_RP_INITIATED or SAML2_SLO when logging out of applications of type PING_ONE_SELF_SERVICE or PING_ONE_PORTAL (Application Portal). Refer to the OIDC data model settings for PING_ONE_SELF_SERVICE and PING_ONE_PORTAL for details.

May 13, 2025

When creating a FIDO policy, you can now specify that it requires enterprise attestation to verify that the authenticator being used was provided by the organization. For details, refer to the Create FIDO Policy - FIDO-certified and enterprise example and the FIDO policies data model.

May 13, 2025

When creating a FIDO policy, you can use the new userDisplayNameAttributes.suffix field to include the PingOne environment name and/or the PingOne organization name in the popup window that is displayed when a user adds a passkey as an authentication method. For details, refer to the FIDO policies data model.

May 11, 2025

The use of OATH tokens as an authentication method, which was introduced a number of months ago for environments where PingID accounts were integrated, is now available for all PingOne environments that include the PingOne MFA or PingID services. You can use the oathTokens endpoint to add OATH tokens to the environment and carry out actions such as revoking or resyncing tokens. For For details, refer to OATH tokens and the Create MFA User Device (OATH token) example.

Apr 30, 2025

You can now soft-delete PingOne PRODUCTION environments, making the environment non-operational for a waiting period before it can be deleted. This is to help protect you from inadvertently deleting a Production environment. Refer to Environments and Deleting Environments for more information.

Apr 30, 2025

The TEXTBLOB form field type (fieldTypes property) has been deprecated. Refer to Forms for more information.

Apr 29, 2025

We’ve published a new Getting Started guide for the PingOne Platform APIs, and removed the existing Tutorial guide (the Getting Started guide now covers this information). Refer to PingOne for Developers Getting Started.

Apr 28, 2025

In your notification policies, you can now define waiting periods before users can request another notification such as another OTP, as well as a maximum number of such requests before the user is temporarily locked out. Refer to the new cooldownConfiguration object in Notification Policies and the Create Notification Policy / Environment example.

Apr 28, 2025

Your MFA policies can now include WhatsApp as an authentication method. For details, refer to Instant Messaging Delivery Settings, the Offline device (SMS, voice, email, WhatsApp) authentication policy data model in Device Authentication Policies, and the Create WhatsApp Content example.

Apr 22, 2025

The platform now supports the x5t signature header in the signed JWT. Refer to Applications OIDC settings data model.

Apr 22, 2025

The platform now supports configuration options for Davinci flow execution using the PingOne authorize endpoint in which the response returns JSON. Refer to DaVinci Flow Executions.

Apr 21, 2025

The platform now supports DaVinci Admin API operations through the PingOne API resource server to manage DaVinci workflow configuration. Refer to DaVinci Admin APIs for links to all available services.

Apr 7, 2025

We’ve added Early Access Features APIs enabling you to adopt and provide feedback on PingOne features before the General Availability release. Refer to Early Access Features for more information.

Apr 2, 2025

You can now specify that a mobile push requires the user to match a number that they were shown when requesting access. To enable the option for an application, use the new push.numberMatching.enabled property in your MFA policy. Refer to Device Authentication Policies. To control how the user performs the matching - selection from a group of three numbers or manually entering the number - use the push.numberMatching.type property when configuring the mobile settings for the application. Refer to Application Operations.

Apr 2, 2025

You can now cancel an authentication process that has already begun. This can be used in situations where a user decides they want to use a different authentication device. For details, refer to the Cancel Device Authentication and Cancel Authentication Flow examples.

Mar 25, 2025

When using the devices endpoint to request details of a single MFA device or all MFA devices, responses for activated FIDO2 devices can now include the AAGUID for the type of authenticator. For details, refer to the new fidoDeviceMetadata object in MFA devices.

Mar 18, 2025

When configuring an MFA policy, you can now specify for FIDO2 devices the maximum number of times authentication can fail before the user is blocked temporarily, and how long the user should be blocked. Refer to the new fido2.failure object in Device Authentication Policies.

Mar 10, 2025

ID tokens now include a new claim called p1.mfa_device_id, the ID of the device that was used to authenticate. Refer to ID Token claims.

Mar 4, 2025

For workforce contexts, risk evaluations can now include the new PingID Device Trust predictor. For details, refer to Risk Predictors and the Create Risk Evaluation (includes device trust predictor) example.

Feb 25, 2025

When determining the language to use for a notification, PingOne now also takes into consideration the Accept-Language header in the request. For details, refer to Runtime logic for content selection in Notifications Templates.

Feb 25, 2025

When creating or updating an MFA policy, you can now specify the notification policy that should be used with the MFA policy by using the new notificationsPolicy.id field. Refer to Device Authentication Policies and the Create Device Authentication Policy example.

Feb 24, 2025

In MFA policies, you can now include a "remember me" option so that users do not have to authenticate when accessing applications from a device they have used before. Refer to the new rememberMe object in Device Authentication Policies and the implementation instructions in Remembered Devices.

Feb 18, 2025

When creating or updating a population, if you do not specify a theme.id value in your request, the default theme for the current environment is used. Refer to Create Population and Update Population.

Feb 12, 2025

The platform supports token fulfillment in PingOne, enabling admins to map attributes from a source’s authentication JWT to the PingOne generated token to improve interoperability with OIDC applications. Refer to Use an authentication JWT for token fulfillment.

Feb 5, 2025

You can now define multiple custom providers to use for SMS / voice notifications. In environments with more than one custom provider, you can specify in your notification policies the order of provider preference to use in different geographical locations. For details, refer to the new providerConfiguration object in Notification Policies.

Jan 28, 2025

We’ve added the ability for an OIDC application to request to terminate a user session from the IdP associated with the user using only the ID token. Refer to GET IdP Signoff for details.

Jan 21, 2025

The platform now supports the LINKEDIN_OIDC identity provider type to specify LinkedIn as an external identity provider. The LINKEDIN type is deprecated and will be removed from the platform in February, 2026. For details, refer to Create Identity Provider (LinkedIn OIDC).

Jan 13, 2025

PingOne Verify added an additional provider, Babel Street Rosette, to enhance matching of biographic data on submitted documents to corresponding data on verified records. A new request, Verify Identity Record Matching provides access to this provider outside the context of a verify transaction. This new request requires a specific license entitlement.

Jan 9, 2025

You can now define a period during which a specific user should be allowed to bypass MFA. Refer to Allow MFA Bypass for User.

Jan 9, 2025

For RADIUS gateways, support has been added for the EAP-MSCHAP v2 protocol. Also, to help block Blast RADIUS attacks, a new object called blastRadiusMitigation has been added. Refer to Gateway Management.

Jan 9, 2025

When defining FIDO policies, you can now include the new publicKeyCredentialHints array to provide public key credential hints to the browser in order to give priority to the authentication method that the user is most likely to use. For details, refer to FIDO Policies.

Jan 7, 2025

For PingOne environments where PingID accounts have been integrated, you can use the new `oathTokens ` endpoint to add OATH tokens to the environment and carry out actions such as revoking or resyncing tokens. For details, refer to OATH tokens and the Create MFA User Device (OATH token) example.

2024

Release Date Description

Release Date	Description
Dec 18, 2024	The platform now supports DaVinci runtime endpoints for use with the DaVinci SDK. For details, refer to DaVinci Flow Executions.
Dec 9, 2024	When defining FIDO policies, you can now use the new `userPresenceTimeout` object to specify the amount of time the user has to perform a user presence gesture with their FIDO device before the request expires. For details, refer to FIDO Policies.
Nov 5, 2024	You can now return a refresh token by setting `offline_access` as a scope on the application’s resource grant and including `offline_access` in the `scope` parameter of the authorize request. Refer to Authorization for details.
Oct 29, 2024	We’ve added the SAML property `sessionNotOnOrAfterDuration` to allow you to specify a custom duration for the lifetime of a SAML assertion. Refer to SAML data model for details.
Oct 16, 2024	You can specify a replacement background of a uniform color to apply to user self portraits with the Update Verified Data Portrait Background request.
Oct 15, 2024	The platform now supports custom admin roles. For details, refer to Roles Management.
Oct 9, 2024	You can now use the `emailDeliverySettings` endpoint to configure the sending of notifications via an external email service. For details, refer to Email Delivery Settings.
Oct 7, 2024	For SMS, voice, and email authentication, you can now customize the length of the OTP that is shown to users. For details, refer to the new `otpLength` parameter in the Offline device (SMS, voice, email) authentication policy data model under Device Authentication Policies.
Sep 30, 2024	To help users recognize which application the OTP displayed in their authenticator app is for, your MFA policies can now specify text that should be displayed alongside the OTP. For details, refer to the new `uriParameters` object in the TOTP device authentication policy data model under Device Authentication Policies.
Sep 20, 2024	We’ve added the ability to modify Administrator Security to support enhanced admin security. Enhanced security requires the use of PingOne MFA for all admin sign-ons to PingOne. Refer to Administrator Security for more information.
Aug 29, 2024	When retrieving verified data with Read All User Verified Data, you can use the `attempt` query parameter to limit the number of retries returned and thus reduce the size of the response.
Aug 19, 2024	PingOne Protect now has a risk predictor called Traffic Anomaly intended to detect traffic anomalies in terms of variables such as users, devices, and sessions. The Traffic Anomaly predictor will eventually include a variety of rules, some of which you can select to enable or disable. Currently, the predictor detects situations where there are a large number of risk evaluations requested for a single user within a short period of time, and optionally can also detect situations where the number of users per device during a given period is suspicious. When a risk level of High is calculated for a Traffic Anomaly predictor, the `recommendedAction` field in the risk evaluation response has the value `DENY`, indicating that you should probably deny access. To create a Traffic Anomaly predictor, set the `type` parameter to the new value TRAFFIC_ANOMALY. If you want to also check the number of users per device, use the objects described in the traffic anomaly risk predictor data model. For details, refer to Risk Predictors and Risk evaluations.
Aug 5, 2024	When creating composite predictors, you can now include conditions that check what PingOne user groups the user belongs to. For details, refer to the Composite Risk Predictors section in Risk Predictors and the relevant example.
Aug 5, 2024	The Bot Detection predictor now has an option that you can enable to expand the range of bot activity that PingOne Protect can detect. For details, refer to the new field `includeRepeatedEventsWithoutSdk` under Risk Predictors.
Jul 22, 2024	For MFA, there is now an option to use dynamic linking to attach a unique identifier to the registration of a FIDO device. For details, refer to MFA devices.
Jul 15, 2024	MFA is now enforced for environment administrators during registration. You can read and update admin sign-on settings using the new Administrator Security endpoints. For details, refer to Administrator Security.
Jul 3, 2024	The Suspicious Device predictor now includes an option to specify that any risk policies that include the predictor will require that the Signals SDK payload be provided as a signed JWT whose signature will be verified before proceeding with risk evaluation. For details, refer to Risk Predictors.
Jun 27, 2024	We’ve added the new role "Application Owner", enabling you to restrict administrator access to specific applications. Use this role to assign application developers permissions only to the applications they manage. For details, refer to Roles.
Jun 18, 2024	When creating risk evaluations, you can now provide additional detail about the context of the flow by providing a value for `flow.subtype` in addition to `flow.type`. For details, refer to Risk evaluations.
Jun 17, 2024	A new endpoint, `riskFeedback`, has been added to allow you to provide feedback on the accuracy of specific risk evaluations that were carried out. Each such call can include feedback for up to 100 risk evaluations, and for each you can specify a feedback category and a reason for including the evaluation in that category, For details, refer to Providing feedback for risk evaluations.
Jun 4, 2024	For MFA, there is now an option to use dynamic linking to attach a unique identifier to a FIDO transaction. For details, refer to Create a request property JWT and Device authentications data model.
Jun 3, 2024	When creating or updating MFA policies, you can now include a field called `promptForNicknameOnPairing` to allow users to provide nicknames for devices during pairing. For details, refer to Device Authentication Policies.
May 28, 2024	The Forms service now supports a social login button as a field type option. For details, refer to Forms.
May 6, 2024	The platform now supports the AU (Australia/Asia Pacific) region. The platform continues to support the AP (Asia Pacific) region. However, if your environments use the `AP` region designation (`api.pingone.asia` domain) for Asia-Pacific countries, be aware that this region does not support the migration of PingID customers (or the PingID product) to the PingOne platform. To get PingID platform support for your Asia-Pacific environments, use the `AU` region designation (`api.pingone.com.au` domain) when creating your new environments. For details, refer to Working with PingOne APIs.
Apr 24, 2024	The Resources service now provides a property to add application permissions to access tokens. For details, refer to Resources.
Apr 8, 2024	Simplify changing your PingOne regional domain with an environment variable, `tld`, in the public PingOne environment template that represents the top level domain (TLD) for your PingOne domain, such as `com` or `eu`. All the `{{…Path}}` variables, such as `{{apiPath}}` and `{{authPath}}`, reference `{{tld}}`. To change your region’s top level domain, merely change the value of `{{tld}}`. Refer to PingOne API domains for more information.
Apr 4, 2024	With Managed Credential Issuance, client applications can issue and update credentials using Create Credential Type (managed) rather than an Issuance Rule.
Apr 3, 2024	You can submit a redirect URL and redirect message, used and seen by users when submitting verification documents, in the body of Create Verify Transaction.
Apr 3, 2024	You can issue and update user credentials via a Create a User Credential or Update a User Credential call rather than an Issuance Rule.
Apr 3, 2024	When you create a trusted email domain, PingOne now prepares an additional text record that reflects the association of the domain with the specific PingOne environment. If you add this new record to your DNS, any "sender" email address belonging to the domain is set to active status as soon as you create it, with no need for a verification email. For details, refer to Trusted Email Domains.
Apr 2, 2024	FIDO policies now include an option called `aggregateDevices` that you can use to specify that the displayed list of available authentication methods should include only a single generic entry for FIDO2 devices, even if the user has multiple paired FIDO2 devices. For details, refer to FIDO Policies. With the introduction of this feature, responses to requests that use the `deviceAuthentications` and `flows` endpoints may now include a field called `aggregateFido2Devices`, indicating whether the available authentication method list should include only a single generic FIDO2 option.
Mar 12, 2024	We’ve added the new LDAP Gateway attribute `userTypes.updateUserOnSuccessfulAuthentication`. When enabled, on user sign on, user attributes are updated based on responses from the LDAP server. For details, refer to Gateway LDAP data model.
Mar 4, 2024	The external IdP service now supports PKCE. A new `pkceMethod` property has been added to the base IdP data model. For details, refer to Identity Provider Management.
Mar 4, 2024	PingOne Protect now has a new risk predictor called Email Reputation to detect the use of disposable email addresses during registration. The value of the `type` parameter for this predictor is EMAIL_REPUTATION. For details, refer to Risk Predictors. For risk evaluations based on policies that include an email reputation predictor, the response may include a value of TEMP_EMAIL_MITIGATION for the `result.recommendedAction` field. For details, refer to Risk evaluations.
Mar 4, 2024	For risk evaluations that use a risk policy with the New Device predictor, the response now includes the field `details.device.lastSeen`, which represents the date and time that the device was last seen. If an externally-maintained device ID was provided in the risk evaluation request, the response will include `externalLastSeen` for the date and time that the device was last seen. For details, refer to Risk evaluations.
Feb 28, 2024	For situations where a user did not receive the one-time passcode (OTP) that was sent for pairing a device, you can now use the `devices` endpoint to resend the OTP. For details, refer to Resend Pairing Code.
Feb 21, 2024	The platform now supports the `device_code` device authorization grant type on an application configuration, and it also provides endpoints to initiate and manage a device authorization flow. For details, refer to Device Authorization Grant.
Feb 20, 2024	A new field, `fidoUserVerification`, was added to the information that can be included in MFA device reports generated with the `dataExplorations` endpoint. For details, refer to Reporting.
Feb 14, 2024	PingOne now supports the `CLIENT_SECRET_JWT` and `PRIVATE_KEY_JWT` token endpoint authentication methods for OIDC applications. For details, refer to the `jwks` and `jwksUrl` properties in Application Operations, the `client_assertion` and `client_assertion_type` properties in OpenID Connect/OAuth 2, Token (authorization_code) (CLIENT_SECRET_JWT), Token (authorization_code) (PRIVATE_KEY_JWT), and Configure CLIENT_SECRET_JWT as the Token Auth Method.
Feb 12, 2024	PingOne Protect now has a new risk predictor to prevent Adversary-in-the-Middle (AitM) attacks. To create an AitM predictor, set the `type` parameter to the new value ADVERSARY_IN_THE_MIDDLE and use the `whiteList` parameter to specify the legitimate domains that your users will access for your restricted resources. For details, refer to Risk Predictors.
Feb 5, 2024	PingOne Verify no longer reads or uses `verifyStatus` on the user. The PingOne Neo Verify Verify Status endpoint, `/environments/{{envID}}/users/{{userID}}/verifyStatus` and its two operations, Read User Verification Status and Update User Verification Status at the same URL, are deprecated. The endpoint and requests will be removed February 2025.
Jan 19, 2024	We’ve added the `icon` property to the Environments service, enabling you to assign an icon to a PingOne environment. Refer to the Environments data model for details.
Jan 16, 2024	The platform’s client secret configuration now supports optional parameters to designate the replaced secret as a "previous" secret that remains valid for a specified period, up to 30 days. For details, refer to Update Application Secret and Create Resource Client Secret.
Jan 11, 2024	The platform supports the PingOne Authorize application resources and roles services, which provide endpoints to define custom resources, roles, and permissions to protect external application resources. For details, refer to PingOne Authorize Application Resources and Roles.
Jan 8, 2024	The platform supports reduced self-service scopes when the `mfa` authentication method is not included as an `amr` claim value in the token. For details, refer to PingOne self-management scopes.
Jan 7, 2024	Changes have been made to the steps required to retrieve MFA device reports generated as files. This is reflected in the responses to the relevant requests. For details, refer to Reporting. Note that the .zip file containing the report is now password-protected and cannot be opened without the password that is returned.
Jan 4, 2024	A field called `device.externalId` has been added to the Event data model for risk evaluations. You can use this field to send an externally-maintained device ID to the risk evaluation. If you provide such an ID, that is the device ID that will be used rather than the device ID provided by the Signals SDK. For details, refer to Risk evaluations.
Jan 3, 2024	We’ve added a `corsSettings` object to support applications using cross-origin resource sharing (CORS). Refer to Cross-origin resource sharing, and the `corsSettings` properties in the Applications data models for OIDC, SAML, and WS-Federation.

Dec 18, 2024

The platform now supports DaVinci runtime endpoints for use with the DaVinci SDK. For details, refer to DaVinci Flow Executions.

Dec 9, 2024

When defining FIDO policies, you can now use the new userPresenceTimeout object to specify the amount of time the user has to perform a user presence gesture with their FIDO device before the request expires. For details, refer to FIDO Policies.

Nov 5, 2024

You can now return a refresh token by setting offline_access as a scope on the application’s resource grant and including offline_access in the scope parameter of the authorize request. Refer to Authorization for details.

Oct 29, 2024

We’ve added the SAML property sessionNotOnOrAfterDuration to allow you to specify a custom duration for the lifetime of a SAML assertion. Refer to SAML data model for details.

Oct 16, 2024

You can specify a replacement background of a uniform color to apply to user self portraits with the Update Verified Data Portrait Background request.

Oct 15, 2024

The platform now supports custom admin roles. For details, refer to Roles Management.

Oct 9, 2024

You can now use the emailDeliverySettings endpoint to configure the sending of notifications via an external email service. For details, refer to Email Delivery Settings.

Oct 7, 2024

For SMS, voice, and email authentication, you can now customize the length of the OTP that is shown to users. For details, refer to the new otpLength parameter in the Offline device (SMS, voice, email) authentication policy data model under Device Authentication Policies.

Sep 30, 2024

To help users recognize which application the OTP displayed in their authenticator app is for, your MFA policies can now specify text that should be displayed alongside the OTP. For details, refer to the new uriParameters object in the TOTP device authentication policy data model under Device Authentication Policies.

Sep 20, 2024

We’ve added the ability to modify Administrator Security to support enhanced admin security. Enhanced security requires the use of PingOne MFA for all admin sign-ons to PingOne. Refer to Administrator Security for more information.

Aug 29, 2024

When retrieving verified data with Read All User Verified Data, you can use the attempt query parameter to limit the number of retries returned and thus reduce the size of the response.

Aug 19, 2024

PingOne Protect now has a risk predictor called Traffic Anomaly intended to detect traffic anomalies in terms of variables such as users, devices, and sessions. The Traffic Anomaly predictor will eventually include a variety of rules, some of which you can select to enable or disable. Currently, the predictor detects situations where there are a large number of risk evaluations requested for a single user within a short period of time, and optionally can also detect situations where the number of users per device during a given period is suspicious. When a risk level of High is calculated for a Traffic Anomaly predictor, the recommendedAction field in the risk evaluation response has the value DENY, indicating that you should probably deny access. To create a Traffic Anomaly predictor, set the type parameter to the new value TRAFFIC_ANOMALY. If you want to also check the number of users per device, use the objects described in the traffic anomaly risk predictor data model. For details, refer to Risk Predictors and Risk evaluations.

Aug 5, 2024

When creating composite predictors, you can now include conditions that check what PingOne user groups the user belongs to. For details, refer to the Composite Risk Predictors section in Risk Predictors and the relevant example.

Aug 5, 2024

The Bot Detection predictor now has an option that you can enable to expand the range of bot activity that PingOne Protect can detect. For details, refer to the new field includeRepeatedEventsWithoutSdk under Risk Predictors.

Jul 22, 2024

For MFA, there is now an option to use dynamic linking to attach a unique identifier to the registration of a FIDO device. For details, refer to MFA devices.

Jul 15, 2024

MFA is now enforced for environment administrators during registration. You can read and update admin sign-on settings using the new Administrator Security endpoints. For details, refer to Administrator Security.

Jul 3, 2024

The Suspicious Device predictor now includes an option to specify that any risk policies that include the predictor will require that the Signals SDK payload be provided as a signed JWT whose signature will be verified before proceeding with risk evaluation. For details, refer to Risk Predictors.

Jun 27, 2024

We’ve added the new role "Application Owner", enabling you to restrict administrator access to specific applications. Use this role to assign application developers permissions only to the applications they manage. For details, refer to Roles.

Jun 18, 2024

When creating risk evaluations, you can now provide additional detail about the context of the flow by providing a value for flow.subtype in addition to flow.type. For details, refer to Risk evaluations.

Jun 17, 2024

A new endpoint, riskFeedback, has been added to allow you to provide feedback on the accuracy of specific risk evaluations that were carried out. Each such call can include feedback for up to 100 risk evaluations, and for each you can specify a feedback category and a reason for including the evaluation in that category, For details, refer to Providing feedback for risk evaluations.

Jun 4, 2024

For MFA, there is now an option to use dynamic linking to attach a unique identifier to a FIDO transaction. For details, refer to Create a request property JWT and Device authentications data model.

Jun 3, 2024

When creating or updating MFA policies, you can now include a field called promptForNicknameOnPairing to allow users to provide nicknames for devices during pairing. For details, refer to Device Authentication Policies.

May 28, 2024

The Forms service now supports a social login button as a field type option. For details, refer to Forms.

May 6, 2024

The platform now supports the AU (Australia/Asia Pacific) region. The platform continues to support the AP (Asia Pacific) region. However, if your environments use the AP region designation (api.pingone.asia domain) for Asia-Pacific countries, be aware that this region does not support the migration of PingID customers (or the PingID product) to the PingOne platform. To get PingID platform support for your Asia-Pacific environments, use the AU region designation (api.pingone.com.au domain) when creating your new environments. For details, refer to Working with PingOne APIs.

Apr 24, 2024

The Resources service now provides a property to add application permissions to access tokens. For details, refer to Resources.

Apr 8, 2024

Simplify changing your PingOne regional domain with an environment variable, tld, in the public PingOne environment template that represents the top level domain (TLD) for your PingOne domain, such as com or eu. All the {{…Path}} variables, such as {{apiPath}} and {{authPath}}, reference {{tld}}. To change your region’s top level domain, merely change the value of {{tld}}. Refer to PingOne API domains for more information.

Apr 4, 2024

With Managed Credential Issuance, client applications can issue and update credentials using Create Credential Type (managed) rather than an Issuance Rule.

Apr 3, 2024

You can submit a redirect URL and redirect message, used and seen by users when submitting verification documents, in the body of Create Verify Transaction.

Apr 3, 2024

You can issue and update user credentials via a Create a User Credential or Update a User Credential call rather than an Issuance Rule.

Apr 3, 2024

When you create a trusted email domain, PingOne now prepares an additional text record that reflects the association of the domain with the specific PingOne environment. If you add this new record to your DNS, any "sender" email address belonging to the domain is set to active status as soon as you create it, with no need for a verification email. For details, refer to Trusted Email Domains.

Apr 2, 2024

FIDO policies now include an option called aggregateDevices that you can use to specify that the displayed list of available authentication methods should include only a single generic entry for FIDO2 devices, even if the user has multiple paired FIDO2 devices. For details, refer to FIDO Policies. With the introduction of this feature, responses to requests that use the deviceAuthentications and flows endpoints may now include a field called aggregateFido2Devices, indicating whether the available authentication method list should include only a single generic FIDO2 option.

Mar 12, 2024

We’ve added the new LDAP Gateway attribute userTypes.updateUserOnSuccessfulAuthentication. When enabled, on user sign on, user attributes are updated based on responses from the LDAP server. For details, refer to Gateway LDAP data model.

Mar 4, 2024

The external IdP service now supports PKCE. A new pkceMethod property has been added to the base IdP data model. For details, refer to Identity Provider Management.

Mar 4, 2024

PingOne Protect now has a new risk predictor called Email Reputation to detect the use of disposable email addresses during registration. The value of the type parameter for this predictor is EMAIL_REPUTATION. For details, refer to Risk Predictors. For risk evaluations based on policies that include an email reputation predictor, the response may include a value of TEMP_EMAIL_MITIGATION for the result.recommendedAction field. For details, refer to Risk evaluations.

Mar 4, 2024

For risk evaluations that use a risk policy with the New Device predictor, the response now includes the field details.device.lastSeen, which represents the date and time that the device was last seen. If an externally-maintained device ID was provided in the risk evaluation request, the response will include externalLastSeen for the date and time that the device was last seen. For details, refer to Risk evaluations.

Feb 28, 2024

For situations where a user did not receive the one-time passcode (OTP) that was sent for pairing a device, you can now use the devices endpoint to resend the OTP. For details, refer to Resend Pairing Code.

Feb 21, 2024

The platform now supports the device_code device authorization grant type on an application configuration, and it also provides endpoints to initiate and manage a device authorization flow. For details, refer to Device Authorization Grant.

Feb 20, 2024

A new field, fidoUserVerification, was added to the information that can be included in MFA device reports generated with the dataExplorations endpoint. For details, refer to Reporting.

Feb 14, 2024

PingOne now supports the CLIENT_SECRET_JWT and PRIVATE_KEY_JWT token endpoint authentication methods for OIDC applications. For details, refer to the jwks and jwksUrl properties in Application Operations, the client_assertion and client_assertion_type properties in OpenID Connect/OAuth 2, Token (authorization_code) (CLIENT_SECRET_JWT), Token (authorization_code) (PRIVATE_KEY_JWT), and Configure CLIENT_SECRET_JWT as the Token Auth Method.

Feb 12, 2024

PingOne Protect now has a new risk predictor to prevent Adversary-in-the-Middle (AitM) attacks. To create an AitM predictor, set the type parameter to the new value ADVERSARY_IN_THE_MIDDLE and use the whiteList parameter to specify the legitimate domains that your users will access for your restricted resources. For details, refer to Risk Predictors.

Feb 5, 2024

PingOne Verify no longer reads or uses verifyStatus on the user. The PingOne Neo Verify Verify Status endpoint, /environments/{{envID}}/users/{{userID}}/verifyStatus and its two operations, Read User Verification Status and Update User Verification Status at the same URL, are deprecated. The endpoint and requests will be removed February 2025.

Jan 19, 2024

We’ve added the icon property to the Environments service, enabling you to assign an icon to a PingOne environment. Refer to the Environments data model for details.

Jan 16, 2024

The platform’s client secret configuration now supports optional parameters to designate the replaced secret as a "previous" secret that remains valid for a specified period, up to 30 days. For details, refer to Update Application Secret and Create Resource Client Secret.

Jan 11, 2024

The platform supports the PingOne Authorize application resources and roles services, which provide endpoints to define custom resources, roles, and permissions to protect external application resources. For details, refer to PingOne Authorize Application Resources and Roles.

Jan 8, 2024

The platform supports reduced self-service scopes when the mfa authentication method is not included as an amr claim value in the token. For details, refer to PingOne self-management scopes.

Jan 7, 2024

Changes have been made to the steps required to retrieve MFA device reports generated as files. This is reflected in the responses to the relevant requests. For details, refer to Reporting. Note that the .zip file containing the report is now password-protected and cannot be opened without the password that is returned.

Jan 4, 2024

A field called device.externalId has been added to the Event data model for risk evaluations. You can use this field to send an externally-maintained device ID to the risk evaluation. If you provide such an ID, that is the device ID that will be used rather than the device ID provided by the Signals SDK. For details, refer to Risk evaluations.

Jan 3, 2024

We’ve added a corsSettings object to support applications using cross-origin resource sharing (CORS). Refer to Cross-origin resource sharing, and the corsSettings properties in the Applications data models for OIDC, SAML, and WS-Federation.

More information

For more information about PingOne product updates, refer to Release Notes.