PingOne Platform APIs

Create Sign-On Policy Action (IDENTITY_PROVIDER)

 

POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions

The POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions operation creates a new sign-on policy action resource. The priority property specifies the order in which this action (and its conditions) is evaluated when evaluating the policy. Property values range from 1 to {maxInt}. The action with a priority value of 1 is evaluated first.

The condition property for the sign-on policy action specifies the conditions associated with the action. At least one condition must be met to execute the action. If the conditions attribute is omitted from the sign-on policy action, the action is always executed.

For sign-on policies for Microsoft external identity providers:

  • The passUserContext value must be null.

  • The entraIdEnabled is an optional boolean used to specify the purpose of the policy:

    • A true value indicates the purpose of the policy is for users to fulfill the multi-factor authentication requirement as defined in the Entra ID External Authentication Method.

    • A false value indicates the purpose of the policy is for users to authenticate at Microsoft via the OpenID Connect (OIDC) Authentication protocol.

    When entraIdEnabled is omitted, the default value is false.

The sample shows the request for an IDENTITY_PROVIDER action type.

Prerequisites

Request Model
Property Type Required?

entraIdEnabled

Boolean

Optional

identityProvider.id

String

Required

passUserContext

Boolean

Required

priority

Integer

Required

registration.confirmIdentityProviderAttributes

Boolean

Optional

registration.enabled

Boolean

Required

registration.population.id

String

Required

Refer to the Sign-on policy actions base data model for full property descriptions.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "type": "IDENTITY_PROVIDER",
    "identityProvider": {
        "id": "{{idpID}}"
    },
    "condition": {
        "greater": 600,
        "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
    },
    "priority": 10,
    "passUserContext": true,
    "registration": {
        "enabled": true,
        "confirmIdentityProviderAttributes": true,
        "population": {
            "id": "{{popID}}"
        }
    }
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "type": "IDENTITY_PROVIDER",
    "identityProvider": {
        "id": "{{idpID}}"
    },
    "condition": {
        "greater": 600,
        "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
    },
    "priority": 10,
    "passUserContext": true,
    "registration": {
        "enabled": true,
        "confirmIdentityProviderAttributes": true,
        "population": {
            "id": "{{popID}}"
        }
    }
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""type"": ""IDENTITY_PROVIDER""," + "\n" +
@"    ""identityProvider"": {" + "\n" +
@"        ""id"": ""{{idpID}}""" + "\n" +
@"    }," + "\n" +
@"    ""condition"": {" + "\n" +
@"        ""greater"": 600," + "\n" +
@"        ""secondsSince"": ""${session.lastSignOn.withAuthenticator.pwd.at}""" + "\n" +
@"    }," + "\n" +
@"    ""priority"": 10," + "\n" +
@"    ""passUserContext"": true," + "\n" +
@"    ""registration"": {" + "\n" +
@"        ""enabled"": true," + "\n" +
@"        ""confirmIdentityProviderAttributes"": true," + "\n" +
@"        ""population"": {" + "\n" +
@"            ""id"": ""{{popID}}""" + "\n" +
@"        }" + "\n" +
@"    }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions"
  method := "POST"

  payload := strings.NewReader(`{
    "type": "IDENTITY_PROVIDER",
    "identityProvider": {
        "id": "{{idpID}}"
    },
    "condition": {
        "greater": 600,
        "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
    },
    "priority": 10,
    "passUserContext": true,
    "registration": {
        "enabled": true,
        "confirmIdentityProviderAttributes": true,
        "population": {
            "id": "{{popID}}"
        }
    }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/signOnPolicies/{{policyID}}/actions HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "type": "IDENTITY_PROVIDER",
    "identityProvider": {
        "id": "{{idpID}}"
    },
    "condition": {
        "greater": 600,
        "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
    },
    "priority": 10,
    "passUserContext": true,
    "registration": {
        "enabled": true,
        "confirmIdentityProviderAttributes": true,
        "population": {
            "id": "{{popID}}"
        }
    }
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"type\": \"IDENTITY_PROVIDER\",\n    \"identityProvider\": {\n        \"id\": \"{{idpID}}\"\n    },\n    \"condition\": {\n        \"greater\": 600,\n        \"secondsSince\": \"${session.lastSignOn.withAuthenticator.pwd.at}\"\n    },\n    \"priority\": 10,\n    \"passUserContext\": true,\n    \"registration\": {\n        \"enabled\": true,\n        \"confirmIdentityProviderAttributes\": true,\n        \"population\": {\n            \"id\": \"{{popID}}\"\n        }\n    }\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "type": "IDENTITY_PROVIDER",
    "identityProvider": {
      "id": "{{idpID}}"
    },
    "condition": {
      "greater": 600,
      "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
    },
    "priority": 10,
    "passUserContext": true,
    "registration": {
      "enabled": true,
      "confirmIdentityProviderAttributes": true,
      "population": {
        "id": "{{popID}}"
      }
    }
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "type": "IDENTITY_PROVIDER",
    "identityProvider": {
      "id": "{{idpID}}"
    },
    "condition": {
      "greater": 600,
      "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
    },
    "priority": 10,
    "passUserContext": true,
    "registration": {
      "enabled": true,
      "confirmIdentityProviderAttributes": true,
      "population": {
        "id": "{{popID}}"
      }
    }
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions"

payload = json.dumps({
  "type": "IDENTITY_PROVIDER",
  "identityProvider": {
    "id": "{{idpID}}"
  },
  "condition": {
    "greater": 600,
    "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"
  },
  "priority": 10,
  "passUserContext": True,
  "registration": {
    "enabled": True,
    "confirmIdentityProviderAttributes": True,
    "population": {
      "id": "{{popID}}"
    }
  }
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "type": "IDENTITY_PROVIDER",\n    "identityProvider": {\n        "id": "{{idpID}}"\n    },\n    "condition": {\n        "greater": 600,\n        "secondsSince": "${session.lastSignOn.withAuthenticator.pwd.at}"\n    },\n    "priority": 10,\n    "passUserContext": true,\n    "registration": {\n        "enabled": true,\n        "confirmIdentityProviderAttributes": true,\n        "population": {\n            "id": "{{popID}}"\n        }\n    }\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "type": "IDENTITY_PROVIDER",
  "identityProvider": {
    "id": "{{idpID}}"
  },
  "condition": {
    "greater": 600,
    "secondsSince": "\${session.lastSignOn.withAuthenticator.pwd.at}"
  },
  "priority": 10,
  "passUserContext": true,
  "registration": {
    "enabled": true,
    "confirmIdentityProviderAttributes": true,
    "population": {
      "id": "{{popID}}"
    }
  }
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"type\": \"IDENTITY_PROVIDER\",\n    \"identityProvider\": {\n        \"id\": \"{{idpID}}\"\n    },\n    \"condition\": {\n        \"greater\": 600,\n        \"secondsSince\": \"${session.lastSignOn.withAuthenticator.pwd.at}\"\n    },\n    \"priority\": 10,\n    \"passUserContext\": true,\n    \"registration\": {\n        \"enabled\": true,\n        \"confirmIdentityProviderAttributes\": true,\n        \"population\": {\n            \"id\": \"{{popID}}\"\n        }\n    }\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()