Licenses

The Licenses service manages license assignments at the organization level and enforcement of licensing limits at the environment level. Organizations can have multiple licenses, including multiple active licenses. You can use the licenses endpoints to view your organization’s licenses, check which licenses are active (or terminated), and check the allowed PingOne platform entitlements supported by the license.

Each environment is associated with one license only. The property values of the license resource specify the licensing boundaries. The license identifies the organization that owns the license, the licensing package type, and the expiration date for the license. The following entitlements are also defined in the licensing package:

For environments:

Allow or deny production environments
Designate the maximum number of environments allowed by the organization
Designate the allowed regions

For users and applications:

Set the maximum number of users for the environment

License data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`assignedEnvironmentsCount`	Integer	N/A	Read-only	The total number of environments associated with this license.
`authorize.allowApiAccessManagement`	Boolean	N/A	Read-only	Indicates whether to enable the PingOne Authorize API access management feature.
`authorize.allowDynamicAuthorization`	Boolean	N/A	Read-only	Indicates whether to enable the PingOne Authorize dynamic authorization feature.
`beginsAt`	Date	Required	Mutable	The date and time this license begins.
`environments.allowConnections`	Boolean	Required	Mutable	Indicates whether the license supports creation of application connections in the specified environment.
`environments.allowCustomDomain`	Boolean	N/A	Read-only	Indicates whether the license supports creation of a custom domain in the specified environment.
`environments.allowCustomSchema`	Boolean	N/A	Read-only	Indicates whether the license supports using custom schema attributes in the specified environment.
`environments.allowProduction`	Boolean	N/A	Read-only	Indicates whether production environments are allowed.
`environments.max`	Integer	N/A	Read-only	The maximum number of environments allowed.
`environments.regions`	String	N/A	Read-only	The allowed regions associated with environments. Options are `NA`, `CA`, `EU`, `AU`, `SG`, or `AP`.
`expiresAt`	Date	Required	Mutable	The date and time this license expires. `TRIAL` licenses stop access to PingOne services at expiration. All other licenses trigger an event to send a notification when the license expires but do not block services.
`id`	String	N/A	Read-only	The license resource’s unique identifier.
`intelligence.allowGeoVelocity`	Boolean	N/A	Read-only	Indicates whether to use the intelligence geo-velocity feature. For `TRIAL` (unpaid) licenses, the default value is `true`. For `ADMIN`, `GLOBAL`, `RISK`, and `MFARISK`, the default value is `true`.
`intelligence.allowAnonymousNetworkDetection`	Boolean	N/A	Read-only	Indicates whether to use the intelligence anonymous network detection feature. For `TRIAL` (unpaid) licenses, the default value is `true`. For `ADMIN`, `GLOBAL`, `RISK`, and `MFARISK`, the default value is `true`.
`intelligence.allowReputation`	Boolean	N/A	Read-only	Indicates whether to use the intelligence IP reputation feature. For `TRIAL` (unpaid) licenses, the default value is `true`. For `ADMIN`, `GLOBAL`, `RISK`, and `MFARISK`, the default value is `true`.
`intelligence.allowDataConsent`	Boolean	N/A	Read-only	Indicates whether the customer has opted in to allow user and event behavior analytics (UEBA) data collection.
`intelligence.allowRisk`	Boolean	N/A	Read-only	Indicates whether your license permits you to configure risk features such as sign-on policies that include rules to detect anomalous changes to your locations (such as impossible travel). This capability is supported for `TRIAL`, `RISK`, and `MFARISK` license packages. Note: The sharing of user data to enable our machine-learning engine, which is integral to PingOne Protect, is captured in the license property `license.intelligence.allowDataConsent`, but it is not set to `true` by default in any license package. This license capability always requires active consent by the customer before it can be enabled, and if consent is given, then it allows the full scope of intelligence features included in PingOne Protect (and PingOne Protect plus MFA).
`intelligence.allowIntelligenceProtect`	Boolean	N/A	Read-only	Indicates whether your license permits you to configure protect features. Note: The sharing of user data to enable our machine-learning engine, which is integral to PingOne Protect, is captured in the license property `license.intelligence.allowDataConsent`, but it is not set to `true` by default in any license package. This license capability always requires active consent by the customer before it can be enabled, and if consent is given, then it allows the full scope of intelligence features included in PingOne Protect (and PingOne Protect plus MFA).
`intelligence.numberOfProtectTransactions`	Integer	N/A	Read-only	Indicates the number of protect transactions allowed.
`mfa.allowPushNotification`	Boolean	N/A	Read-only	Indicates whether push notifications are allowed. For `TRIAL` (unpaid) licenses, the default value is `true`. For other license package types, adoption of the feature determines the default value.
`mfa.allowMfaNotificationsOutsideWhitelist`	Boolean	Required	Immutable	Indicates whether the license supports sending notifications outside of the environment’s whitelist.
`mfa.allowFido2Devices`	Boolean	N/A	Read-only	Indicates whether FIDO2 devices are allowed. For `TRIAL` (unpaid) licenses, the default value is `true`. For other license package types, adoption of the feature determines the default value.
`name`	String	Required	Mutable	A string that specifies a descriptive name for the license. This is a required property in a license name update request. Valid characters consists of any Unicode letter, mark, numeric character, forward slash, dot, apostrophe, underscore, space, or hyphen. The maximum length of a name is 255 characters.
`organization.id`	String	N/A	Read-only	The organization resource’s unique identifier associated with the license.
`package`	String	Required	Mutable	A string that specifies the license template on which this license is based. This is a required property. Options are `TRIAL`, `STANDARD`, `PREMIUM`, `MFA`, `RISK`, `MFARISK`, and `GLOBAL`. These values are not fixed.
`replacesLicense.id`	String	Optional	Immutable	The license ID of the license that is replaced by this license.
`replacedByLicense.id`	String	Optional	Immutable	The license ID of the license that replaces this license.
`status`	String	Required	Mutable	The status of the license. Options are `ACTIVE`, `EXPIRED`, and `FUTURE`.
`terminatesAt`	Date	Optional	Mutable	The exact date and time when this license terminates access to PingOne services. This attribute can be added to any licensing package.
`users.allowPasswordManagementNotifications`	Boolean	Required	Mutable	Indicates whether the license supports sending password management notifications.
`users.allowIdentityProviders`	Boolean	N/A	Read-only	Indicates whether the license supports using external identity providers in the specified environment.
`users.allowMyAccount`	Boolean	N/A	Read-only	Indicates whether the license supports using My Account capabilities in the specified environment.
`users.allowPasswordManagementNotifications`	Boolean	N/A	Read-only	Indicates whether the license supports using password management capabilities in the specified environment.
`users.allowPasswordOnlyAuthentication`	Boolean	N/A	Read-only	Indicates whether the license supports using password only login capabilities in the specified environment.
`users.allowPasswordPolicy`	Boolean	N/A	Read-only	Indicates whether the license supports using password policies in the specified environment.
`users.allowProvisioning`	Boolean	N/A	Read-only	Indicates whether the license supports using provisioning capabilities in the specified environment.
`users.allowRoleAssignment`	Boolean	N/A	Read-only	Indicates whether the license supports role assignments in the specified environment.
`users.users.allowVerificationFlow`	Boolean	N/A	Read-only	Indicates whether the license supports using verification flows in the specified environment.
`users.allowUpdateSelf`	Boolean	N/A	Read-only	Indicates whether the license supports allowing users to update their own profile.
`users.entitledToSupport`	Boolean	N/A	Read-only	Indicates whether the license allows PingOne support.
`users.max`	Integer	N/A	Read-only	The maximum number of users allowed per environment.
`users.annualActiveIncluded`	Integer	N/A	Read-only	A soft limit on the number of active identities across all environments on the license per year. This property is not visible if a value is not provided at the time the license is created.
`users.monthlyActiveIncluded`	Integer	N/A	Read-only	A soft limit on the number of active identities across all environments on the license per month. This property is not visible if a value is not provided at the time the license is created.
`verify.allowPushNotifications`	Boolean	N/A	Read-only	Indicates whether to enable the PingOne Verify push notifications feature.
`verify.allowDocumentMatch`	Boolean	N/A	Read-only	Indicates whether to enable the PingOne Verify document matching feature.
`verify.allowFaceMatch`	Boolean	N/A	Read-only	Indicates whether to enable the PingOne Verify face matching feature.
`verify.allowManualIdInspection`	Boolean	N/A	Read-only	Indicates whether to enable the PingOne Verify manual ID inspection feature.
`verify.numberOfDataVerifications`	Integer	N/A	Read-only	The maximum number of digital verifications allowed per environment. A value greater than 0 enables the feature.
`verify.numberOfDigitalVerifications`	Integer	N/A	Read-only	The maximum number of digital verifications allowed per environment.
`verify.numberOfUniversalCapture`	Integer	N/A	Read-only	The maximum number of universal captures allowed per environment.
`verify.numberOfAAMVA`	Integer	N/A	Read-only	The maximum number of AAMVA allowed per environment.
`verify.numberOfVoiceBiometrics`	Integer	N/A	Read-only	The maximum number of voice biometrics allowed per environment.

assignedEnvironmentsCount

Integer

N/A

Read-only

The total number of environments associated with this license.

authorize.allowApiAccessManagement

Boolean

N/A

Read-only

Indicates whether to enable the PingOne Authorize API access management feature.

authorize.allowDynamicAuthorization

Boolean

N/A

Read-only

Indicates whether to enable the PingOne Authorize dynamic authorization feature.

beginsAt

Date

Required

Mutable

The date and time this license begins.

environments.allowConnections

Boolean

Required

Mutable

Indicates whether the license supports creation of application connections in the specified environment.

environments.allowCustomDomain

Boolean

N/A

Read-only

Indicates whether the license supports creation of a custom domain in the specified environment.

environments.allowCustomSchema

Boolean

N/A

Read-only

Indicates whether the license supports using custom schema attributes in the specified environment.

environments.allowProduction

Boolean

N/A

Read-only

Indicates whether production environments are allowed.

environments.max

Integer

N/A

Read-only

The maximum number of environments allowed.

environments.regions

String

N/A

Read-only

The allowed regions associated with environments. Options are NA, CA, EU, AU, SG, or AP.

expiresAt

Date

Required

Mutable

The date and time this license expires. TRIAL licenses stop access to PingOne services at expiration. All other licenses trigger an event to send a notification when the license expires but do not block services.

id

String

N/A

Read-only

The license resource’s unique identifier.

intelligence.allowGeoVelocity

Boolean

N/A

Read-only

Indicates whether to use the intelligence geo-velocity feature. For TRIAL (unpaid) licenses, the default value is true. For ADMIN, GLOBAL, RISK, and MFARISK, the default value is true.

intelligence.allowAnonymousNetworkDetection

Boolean

N/A

Read-only

Indicates whether to use the intelligence anonymous network detection feature. For TRIAL (unpaid) licenses, the default value is true. For ADMIN, GLOBAL, RISK, and MFARISK, the default value is true.

intelligence.allowReputation

Boolean

N/A

Read-only

Indicates whether to use the intelligence IP reputation feature. For TRIAL (unpaid) licenses, the default value is true. For ADMIN, GLOBAL, RISK, and MFARISK, the default value is true.

intelligence.allowDataConsent

Boolean

N/A

Read-only

Indicates whether the customer has opted in to allow user and event behavior analytics (UEBA) data collection.

intelligence.allowRisk

Boolean

N/A

Read-only

Indicates whether your license permits you to configure risk features such as sign-on policies that include rules to detect anomalous changes to your locations (such as impossible travel). This capability is supported for TRIAL, RISK, and MFARISK license packages. Note: The sharing of user data to enable our machine-learning engine, which is integral to PingOne Protect, is captured in the license property license.intelligence.allowDataConsent, but it is not set to true by default in any license package. This license capability always requires active consent by the customer before it can be enabled, and if consent is given, then it allows the full scope of intelligence features included in PingOne Protect (and PingOne Protect plus MFA).

intelligence.allowIntelligenceProtect

Boolean

N/A

Read-only

Indicates whether your license permits you to configure protect features. Note: The sharing of user data to enable our machine-learning engine, which is integral to PingOne Protect, is captured in the license property license.intelligence.allowDataConsent, but it is not set to true by default in any license package. This license capability always requires active consent by the customer before it can be enabled, and if consent is given, then it allows the full scope of intelligence features included in PingOne Protect (and PingOne Protect plus MFA).

intelligence.numberOfProtectTransactions

Integer

N/A

Read-only

Indicates the number of protect transactions allowed.

mfa.allowPushNotification

Boolean

N/A

Read-only

Indicates whether push notifications are allowed. For TRIAL (unpaid) licenses, the default value is true. For other license package types, adoption of the feature determines the default value.

mfa.allowMfaNotificationsOutsideWhitelist

Boolean

Required

Immutable

Indicates whether the license supports sending notifications outside of the environment’s whitelist.

mfa.allowFido2Devices

Boolean

N/A

Read-only

Indicates whether FIDO2 devices are allowed. For TRIAL (unpaid) licenses, the default value is true. For other license package types, adoption of the feature determines the default value.

name

String

Required

Mutable

A string that specifies a descriptive name for the license. This is a required property in a license name update request. Valid characters consists of any Unicode letter, mark, numeric character, forward slash, dot, apostrophe, underscore, space, or hyphen. The maximum length of a name is 255 characters.

organization.id

String

N/A

Read-only

The organization resource’s unique identifier associated with the license.

package

String

Required

Mutable

A string that specifies the license template on which this license is based. This is a required property. Options are TRIAL, STANDARD, PREMIUM, MFA, RISK, MFARISK, and GLOBAL. These values are not fixed.

replacesLicense.id

String

Optional

Immutable

The license ID of the license that is replaced by this license.

replacedByLicense.id

String

Optional

Immutable

The license ID of the license that replaces this license.

status

String

Required

Mutable

The status of the license. Options are ACTIVE, EXPIRED, and FUTURE.

terminatesAt

Date

Optional

Mutable

The exact date and time when this license terminates access to PingOne services. This attribute can be added to any licensing package.

users.allowPasswordManagementNotifications

Boolean

Required

Mutable

Indicates whether the license supports sending password management notifications.

users.allowIdentityProviders

Boolean

N/A

Read-only

Indicates whether the license supports using external identity providers in the specified environment.

users.allowMyAccount

Boolean

N/A

Read-only

Indicates whether the license supports using My Account capabilities in the specified environment.

users.allowPasswordManagementNotifications

Boolean

N/A

Read-only

Indicates whether the license supports using password management capabilities in the specified environment.

users.allowPasswordOnlyAuthentication

Boolean

N/A

Read-only

Indicates whether the license supports using password only login capabilities in the specified environment.

users.allowPasswordPolicy

Boolean

N/A

Read-only

Indicates whether the license supports using password policies in the specified environment.

users.allowProvisioning

Boolean

N/A

Read-only

Indicates whether the license supports using provisioning capabilities in the specified environment.

users.allowRoleAssignment

Boolean

N/A

Read-only

Indicates whether the license supports role assignments in the specified environment.

users.users.allowVerificationFlow

Boolean

N/A

Read-only

Indicates whether the license supports using verification flows in the specified environment.

users.allowUpdateSelf

Boolean

N/A

Read-only

Indicates whether the license supports allowing users to update their own profile.

users.entitledToSupport

Boolean

N/A

Read-only

Indicates whether the license allows PingOne support.

users.max

Integer

N/A

Read-only

The maximum number of users allowed per environment.

users.annualActiveIncluded

Integer

N/A

Read-only

A soft limit on the number of active identities across all environments on the license per year. This property is not visible if a value is not provided at the time the license is created.

users.monthlyActiveIncluded

Integer

N/A

Read-only

A soft limit on the number of active identities across all environments on the license per month. This property is not visible if a value is not provided at the time the license is created.

verify.allowPushNotifications

Boolean

N/A

Read-only

Indicates whether to enable the PingOne Verify push notifications feature.

verify.allowDocumentMatch

Boolean

N/A

Read-only

Indicates whether to enable the PingOne Verify document matching feature.

verify.allowFaceMatch

Boolean

N/A

Read-only

Indicates whether to enable the PingOne Verify face matching feature.

verify.allowManualIdInspection

Boolean

N/A

Read-only

Indicates whether to enable the PingOne Verify manual ID inspection feature.

verify.numberOfDataVerifications

Integer

N/A

Read-only

The maximum number of digital verifications allowed per environment. A value greater than 0 enables the feature.

verify.numberOfDigitalVerifications

Integer

N/A

Read-only

The maximum number of digital verifications allowed per environment.

verify.numberOfUniversalCapture

Integer

N/A

Read-only

The maximum number of universal captures allowed per environment.

verify.numberOfAAMVA

Integer

N/A

Read-only

The maximum number of AAMVA allowed per environment.

verify.numberOfVoiceBiometrics

Integer

N/A

Read-only

The maximum number of voice biometrics allowed per environment.

License events generated

Refer to Audit Reporting Events for the events generated.

Response codes

Code	Message
200	Successful operation.
400	The request could not be completed.
401	You do not have access to this resource.
404	The requested resource was not found.

PingOne Platform APIs

Licenses

License data model

License events generated

Response codes