PingOne Platform APIs

Experiences

The Experiences service enables you to configure user sign-on experiences for particular user audiences. You can create, read, update and delete an experience.

Experiences data model

Property Type Required? Mutable? Description

id

String

Required

Immutable

The resource’s unique identifier.

name

String

Required

Mutable

A name unique to the environment to assign to the experience.

description

String

Optional

Mutable

A description of the experience.

flowType

String

Optional

Mutable

Accepted values are: USERNAME_AND_PASSWORD, IDENTIFIER_FIRST, IDENTITY_PROVIDER_FIRST.

firstFactor

Object

Required

Mutable

Only available when flowType is IDENTIFIER_FIRST. Contains the authentication configuration.

firstFactor.passwordless

Object

Optional

Mutable

Only available when flowType is IDENTIFIER_FIRST. Contains the configuration for Passwordless authentication.

firstFactor.passwordless.enabled

Boolean

Required

Mutable

Only available when flowType is IDENTIFIER_FIRST. Enables or disables Passwordless authentication. Defaults to false.

firstFactor.passwordless.usernameFirst

Boolean

Required/Optional

Mutable

Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passwordless.enabled is true. Enables or disables Passkey, SMS, or One-Time Password (OTP)-based passwordless flow. Defaults to false.

firstFactor.passwordless.passkeyPolicies

Array

Required

Mutable

Only available when flowType is IDENTIFIER_FIRST. Currently, only a single FIDO2 policy can be specified. An array is used to enable multi-policy selection in the future.

firstFactor.passwordless.passkeyPolicies.id

String

Required/Optional

Mutable

Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passwordless.passkeyPolicies is specified. A Fido2 policy ID.

firstFactor.passwordless.passkeyPolicies.type

String

Required/Optional

Immutable

Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passwordless.passkeyPolicies is specified. This value must be STANDARD_MFA.

firstFactor.passkeyOrBioMetric

Object

Required

Mutable

Only available when flowType is IDENTIFIER_FIRST. Contains the configuration for Passkey or Biometric authentication.

firstFactor.passkeyOrBioMetric.enabled

Boolean

Required

Mutable

Only available when flowType is IDENTIFIER_FIRST. Enables or disables Passkey or Biometric authentication. Defaults to false.

firstFactor.passkeyOrBioMetric.passkeyPolicies

Array

Required

Mutable

Only available when flowType is IDENTIFIER_FIRST. Currently, only a single FIDO2 policy can be specified. An array is used to enable multi-policy selection in the future.

firstFactor.passkeyOrBioMetric.passkeyPolicies.id

String

Required/Optional

Mutable

Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passkeyOrBioMetric.passkeyPolicies is specified. A Fido2 policy ID.

firstFactor.passkeyOrBioMetric.passkeyPolicies.type

String

Required/Optional

Immutable

Only available when flowType is IDENTIFIER_FIRST. Required when firstFactor.passkeyOrBioMetric.passkeyPolicies is specified. This value must be STANDARD_MFA.

firstFactor.identityProviders

Object

Required

Mutable

Contains the configuration for identity providers.

firstFactor.identityProviders.enabled

Boolean

Required

Mutable

Enables or disables Passkey or Biometric authentication. Defaults to false.

firstFactor.identityProviders.socialProviders

Array

Required

Mutable

Required when firstFactor.identityProviders.enabled is true. An array of social providers used as IdPs. See Identity Providers.

firstFactor.identityProviders.socialProviders.id

String

Required/Optional

Mutable

Required when firstFactor.identityProviders.socialProviders is specified. An identify provider ID for a social provider.

firstFactor.identityProviders.socialProviders.name

String

Required/Optional

Mutable

Required when firstFactor.identityProviders.socialProviders is specified. A name of a social provider used as an IdP.

firstFactor.identityProviders.socialProviders.type

String

Required/Optional

Immutable

Required when firstFactor.identityProviders.socialProviders is specified. The type of IdP. See Identity Provider Management.

firstFactor.rememberMe

Boolean

Optional

Mutable

Set this to true to remember the specified social providers. Defaults to false.

firstFactor.sessionTimeOut

Object

Optional

Immutable

Contains the time unit and value configuration for session timeout.

firstFactor.sessionTimeOut.unit

String

Required/Optional

Mutable

Required when firstFactor.sessionTimeOut is specified. The unit of time to use for session timeout. This can be one of the following: MM (minutes),HH (hours), DD (days), WW (weeks).

firstFactor.sessionTimeOut.value

String

Required/Optional

Mutable

Required when firstFactor.sessionTimeOut.unit is specified. The corresponding length of time value for the session timeout.

mfa

Object

Required

Mutable

Contains the configuration for multi-factor authentication.

mfa.enabled

Boolean

Required

Mutable

Enables or disables multi-factor authentication. Defaults to false.

mfa.enabled.accessPolicies

Array

Required

Mutable

Required when mfa.enabled is true. Currently, only a single Risk Policy or Device Authentication Policy identifier can be specified. An array is used to enable multi-policy selection in the future.

mfa.enabled.id

String

Required/Optional

Mutable

Required when mfa.enabled is true. This can be either a Risk Policy ID or a Device Authentication Policy ID.

mfa.enabled.type

String

Required/Optional

Immutable

Required when mfa.enabled is true. If mfa.enabled.id is a Risk Policy ID, this must be RISK_MFA. If mfa.enabled.id is a Device Authentication Policy ID, this must be STANDARD_MFA.

mfa.sessionTimeOut

Object

Optional

Immutable

Contains the time unit and value configuration for session timeout.

mfa.sessionTimeOut.unit

String

Required/Optional

Mutable

Required when mfa.sessionTimeOut is specified. The unit of time to use for session timeout. This can be one of the following: MM (minutes),HH (hours), DD (days), WW (weeks).

mfa.sessionTimeOut.value

String

Required/Optional

Mutable

Required when mfa.sessionTimeOut.unit is specified. The corresponding length of time value for the session timeout.

mfa.enrollment

Object

Required

Mutable

Contains the configuration for multi-factor authentication enrollment.

mfa.enrollment.enabled

Boolean

Required

Mutable

Enables or disables multi-factor authentication enrollment. Defaults to false.

mfa.enrollment.required

Boolean

Required

Mutable

Required when mfa.enabled is true. Enables or disables requirement for multi-factor authentication enrollment. Defaults to false.

mfa.enabled.accessPolicies

Object[]

Required

Mutable

Required when mfa.enabled is true. Currently, only a single Device Authentication Policy identifier object can be specified. An array is used to enable multi-policy selection in the future.

mfa.enabled.accessPolicies.id

String

Required/Optional

Mutable

Required when mfa.enabled is true. A Device Authentication Policy ID.

mfa.enabled.accessPolicies.type

String

Required/Optional

Immutable

Required when mfa.enabled is true. This must be STANDARD_MFA.

accountRecovery

Object

Required

Mutable

Contains the configuration for account recovery.

accountRecovery.enabled

Boolean

Required

Mutable

Enables or disables multi-factor authentication enrollment. Defaults to false.

accountRecovery.enabled.accessPolicies

Object[]

Required

Mutable

Required when accountRecovery.enabled is true. Currently, only a single Risk Policy identifier object can be specified. An array is used to enable multi-policy selection in the future.

accountRecovery.enabled.accessPolicies.id

String

Required/Optional

Mutable

Required when accountRecovery.enabled is true. A Risk Policy ID.

accountRecovery.enabled.accessPolicies.type

String

Required/Optional

Immutable

Required when accountRecovery.enabled is true. This must be RISK_MFA.

registration

Object

Required

Mutable

Contains the configuration for account recovery.

registration.enabled

Boolean

Required

Mutable

Enables or disables multi-factor authentication enrollment. Defaults to false.

registration.enrollment

Object

Required

Mutable

Contains the configuration for multi-factor authentication enrollment.

registration.enrollment.enabled

Boolean

Required

Mutable

Enables or disables registration enrollment. Defaults to false.

registration.enrollment.required

Boolean

Required

Mutable

Required when registration.enrollment.enabled is true. Enables or disables requirement for registration enrollment. Defaults to false.

registration.enrollment.policies

Object[]

Required

Mutable

Required when registration.enrollment.enabled is true. Currently, only a single Device Authentication Policy identifier object can be specified. An array is used to enable multi-policy selection in the future.

registration.enrollment.policies.id

String

Required/Optional

Mutable

Required when registration.enrollment.enabled is true. A Device Authentication Policy ID.

registration.enrollment.policies.type

String

Required/Optional

Immutable

Required when registration.enrollment.enabled is true. This must be STANDARD_MFA.

registration.population

Object

Required/Optional

Mutable

Required when registration.enabled is true. Configures the population for registration.

registration.population.id

String

Required/Optional

Mutable

Required when registration.enabled is true. A population ID.

registration.botDetection

Object

Required

Mutable

Contains the configuration for bot detection.

registration.botDetection.enabled

Boolean

Required

Mutable

Enables or disables bot detection. Defaults to false.

registration.botDetection.enabled.accessPolicies

Object[]

Required

Mutable

Required when registration.enabled is true. Currently, only a single Risk Policy identifier object can be specified. An array is used to enable multi-policy selection in the future.

registration.botDetection.enabled.accessPolicies.id

String

Required/Optional

Mutable

Required when registration.botDetection.enabled is true. A Risk Policy ID.

registration.botDetection.enabled.accessPolicies.type

String

Required/Optional

Immutable

Required when registration.botDetection.enabled is true. This must be RISK_MFA.

registration.attributeList

Object[]

Required

Mutable

Contains the attributes required for registration.

registration.attributeList.name

String

Optional

Mutable

The name of a PingOne Standard attribute.

registration.attributeList.required

Boolean

Required

Mutable

Indicates whether the name attribute specified is required.

registration.requireAccountVerification

Boolean

Required

Mutable

Indicates whether 0account verification is required.

registration.termsOfService

Object

Required

Mutable

Contains the Terms of Service Agreement configuration.

registration.termsOfService.enabled

Boolean

Required

Mutable

Enables or disables the Terms of Service Agreement configuration.

registration.termsOfService.agreementPolicy

Object

Required

Mutable

Required when registration.termsOfService.enabled is true. Contains the Agreement Policy configuration.

registration.termsOfService.agreementPolicy.id

String

Required/Optional

Mutable

Required when registration.termsOfService.enabled is true. An Agreement Policy ID.

registration.theme

Object

Required

Mutable

Contains the Theme configuration.

registration.theme.id

String

Required

Mutable

A Theme ID.