PingOne Platform APIs

Step 5: Create the sign-on policy action

 

POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions

This step associates a sign-on policy action with the new sign-on policy you created in Step 4. The POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{policyID}}/actions operation creates the sign-on policy action resource, which is associated with the sign-on policy ({{policyID}}) specified in the request URL.

PingOne supports several sign-on policy action types. To establish a SAML username/password login flow, the type property for the action resource associated with the sign-on policy can be set to LOGIN.

At this time, you can add external identity providers only to LOGIN and IDENTIFIER_FIRST type sign-on policy actions.

For a sign-on action that supports SAML, the sign-on policy action must include the socialProviders.id property to specify the SAML identity provider ID that you created in Step 2.

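In addition, it is recommended that a sign-on policy that supports a SAML external identity provider also include the registration property to allow automatic account creation and account linking between the user’s identity provider account and the PingOne account. Because registration creates PingOne accounts automatically for users who sign on through the external identity provider, set registration.population.id to a population intended for those users.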

If you do not enable registration on the sign-on action, only existing PingOne users will be able to log in.

In this sample, the priority property is set to 1, which designates this policy as the first sign-on policy executed if more than one sign-on policy is associated with the application. In addition, this action includes the recovery property to enable the password.recover authentication flow, allowing users to recover a forgotten password. Note that the sample request body shown below does not set recovery explicitly; the example response shows recovery.enabled as true.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "environment": {
        "id": "{{envID}}"
    },
    "signOnPolicy": {
        "id": "{{usecaseSamlPolicyID}}"
    },
    "priority": 1,
    "type": "LOGIN",
    "socialProviders.id": "{{usecaseSamlIdpID}}",
    "registration": {
        "enabled": true,
        "population": {
            "id": "{{samlPopID}}"
        }
    }
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

# Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
# The {{...}} tokens are template placeholders to substitute before running.
# Note: the bearer token is passed on the command line, so it can end up in
# shell history and in process listings on a shared host.

# Request body, kept in a quoted here-document so the shell expands nothing in it.
action_json=$(cat <<'JSON'
{
    "environment": {
        "id": "{{envID}}"
    },
    "signOnPolicy": {
        "id": "{{usecaseSamlPolicyID}}"
    },
    "priority": 1,
    "type": "LOGIN",
    "socialProviders.id": "{{usecaseSamlIdpID}}",
    "registration": {
        "enabled": true,
        "population": {
            "id": "{{samlPopID}}"
        }
    }
}
JSON
)

# -g (--globoff) keeps curl from treating braces in the URL as glob patterns;
# -L (--location) follows redirects; -d (--data) sends the body as a POST.
curl -g -L '{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {{accessToken}}' \
  -d "$action_json"
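// Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
// The {{...}} tokens are template placeholders to substitute before running.
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");

// Joined with "\n" so the payload bytes do not depend on this file's line endings.
var body = string.Join("\n", new[]
{
  @"{",
  @"    ""environment"": {",
  @"        ""id"": ""{{envID}}""",
  @"    },",
  @"    ""signOnPolicy"": {",
  @"        ""id"": ""{{usecaseSamlPolicyID}}""",
  @"    },",
  @"    ""priority"": 1,",
  @"    ""type"": ""LOGIN"",",
  @"    ""socialProviders.id"": ""{{usecaseSamlIdpID}}"",",
  @"    ""registration"": {",
  @"        ""enabled"": true,",
  @"        ""population"": {",
  @"            ""id"": ""{{samlPopID}}""",
  @"        }",
  @"    }",
  @"}",
});
request.AddStringBody(body, DataFormat.Json);

RestResponse response = await client.ExecuteAsync(request);

// By default ExecuteAsync reports HTTP and transport failures on the response
// object instead of throwing, so surface them explicitly: a rejected policy
// change would otherwise look the same as a successful one.
if (!response.IsSuccessful)
{
  Console.Error.WriteLine($"Request failed: {(int)response.StatusCode} {response.StatusDescription} {response.ErrorMessage}");
}
Console.WriteLine(response.Content);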
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

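// main sends the Step 5 request: it POSTs a LOGIN sign-on policy action to the
// sign-on policy named in the URL and prints the response body. The {{...}}
// tokens are template placeholders to substitute before running.
func main() {
	url := "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions"

	payload := strings.NewReader(`{
    "environment": {
        "id": "{{envID}}"
    },
    "signOnPolicy": {
        "id": "{{usecaseSamlPolicyID}}"
    },
    "priority": 1,
    "type": "LOGIN",
    "socialProviders.id": "{{usecaseSamlIdpID}}",
    "registration": {
        "enabled": true,
        "population": {
            "id": "{{samlPopID}}"
        }
    }
}`)

	// A zero-value http.Client has no timeout, so a stalled connection would
	// block this call forever; bound the whole exchange instead.
	client := &http.Client{Timeout: 30 * time.Second}

	req, err := http.NewRequest(http.MethodPost, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Authorization", "Bearer {{accessToken}}")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// The example response for this call is 201 Created. Report any other
	// status so a rejected policy change is not mistaken for success; the body
	// is still printed because it carries the error details.
	if res.StatusCode != http.StatusCreated {
		fmt.Printf("unexpected HTTP status: %s\n", res.Status)
	}
	fmt.Println(string(body))
}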
POST /environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "environment": {
        "id": "{{envID}}"
    },
    "signOnPolicy": {
        "id": "{{usecaseSamlPolicyID}}"
    },
    "priority": 1,
    "type": "LOGIN",
    "socialProviders.id": "{{usecaseSamlIdpID}}",
    "registration": {
        "enabled": true,
        "population": {
            "id": "{{samlPopID}}"
        }
    }
}
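// Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
// The {{...}} tokens are template placeholders to substitute before running.
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"environment\": {\n        \"id\": \"{{envID}}\"\n    },\n    \"signOnPolicy\": {\n        \"id\": \"{{usecaseSamlPolicyID}}\"\n    },\n    \"priority\": 1,\n    \"type\": \"LOGIN\",\n    \"socialProviders.id\": \"{{usecaseSamlIdpID}}\",\n    \"registration\": {\n        \"enabled\": true,\n        \"population\": {\n            \"id\": \"{{samlPopID}}\"\n        }\n    }\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
// try-with-resources closes the response; an unclosed OkHttp response keeps
// its connection and body resources held.
try (Response response = client.newCall(request).execute()) {
  // Report non-2xx results so a rejected policy change is not mistaken for
  // success; the body is still printed because it carries the error details.
  if (!response.isSuccessful()) {
    System.err.println("Unexpected HTTP status: " + response.code());
  }
  System.out.println(response.body().string());
}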
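// Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
// The {{...}} tokens are template placeholders to substitute before running.
// NOTE(review): this request carries a bearer token that can change sign-on
// policies; when it runs in a browser page, that token is readable by any
// script on the page.
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions",
  "method": "POST",
  // In jQuery a timeout of 0 means the request never times out.
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "environment": {
      "id": "{{envID}}"
    },
    "signOnPolicy": {
      "id": "{{usecaseSamlPolicyID}}"
    },
    "priority": 1,
    "type": "LOGIN",
    "socialProviders.id": "{{usecaseSamlIdpID}}",
    "registration": {
      "enabled": true,
      "population": {
        "id": "{{samlPopID}}"
      }
    }
  }),
};

$.ajax(settings)
  .done(function (response) {
    console.log(response);
  })
  // Without a failure handler a rejected request produced no output at all.
  .fail(function (jqXHR, textStatus, errorThrown) {
    console.error("Request failed: " + jqXHR.status + " " + textStatus, errorThrown);
  });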
var request = require('request');

// Step 5: body of the LOGIN sign-on policy action to create.
// The {{...}} tokens are template placeholders to substitute before running.
var actionPayload = {
  environment: { id: "{{envID}}" },
  signOnPolicy: { id: "{{usecaseSamlPolicyID}}" },
  priority: 1,
  type: "LOGIN",
  "socialProviders.id": "{{usecaseSamlIdpID}}",
  registration: {
    enabled: true,
    population: { id: "{{samlPopID}}" }
  }
};

var options = {
  method: 'POST',
  url: '{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify(actionPayload)
};

// Prints the response body; a transport error is rethrown wrapped in a new Error.
function onResponse(error, response) {
  if (error) {
    throw new Error(error);
  }
  console.log(response.body);
}

request(options, onResponse);
import requests
import json

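# Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
# The {{...}} tokens are template placeholders to substitute before running.
url = "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions"

payload = json.dumps({
  "environment": {
    "id": "{{envID}}"
  },
  "signOnPolicy": {
    "id": "{{usecaseSamlPolicyID}}"
  },
  "priority": 1,
  "type": "LOGIN",
  "socialProviders.id": "{{usecaseSamlIdpID}}",
  "registration": {
    "enabled": True,
    "population": {
      "id": "{{samlPopID}}"
    }
  }
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

# requests waits indefinitely unless a timeout is given; bound the call so a
# stalled connection cannot hang the script.
response = requests.request("POST", url, headers=headers, data=payload, timeout=30)

# The example response for this call is 201 Created. Report any other status so
# a rejected policy change is not mistaken for success; the body is still
# printed because it carries the error details.
if response.status_code != 201:
  print(f"Unexpected HTTP status: {response.status_code} {response.reason}")

print(response.text)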
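<?php
require_once 'HTTP/Request2.php';

// Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
// The {{...}} tokens are template placeholders to substitute before running.
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
// Build the body with json_encode(): PHP does not expand \n inside a
// single-quoted string, so the original literal sent backslash-n sequences
// between the JSON tokens, which is not valid JSON.
$request->setBody(json_encode(array(
  'environment' => array('id' => '{{envID}}'),
  'signOnPolicy' => array('id' => '{{usecaseSamlPolicyID}}'),
  'priority' => 1,
  'type' => 'LOGIN',
  'socialProviders.id' => '{{usecaseSamlIdpID}}',
  'registration' => array(
    'enabled' => true,
    'population' => array('id' => '{{samlPopID}}')
  )
)));
try {
  $response = $request->send();
  $status = $response->getStatus();
  // The example response for this call is 201 Created, so accept any 2xx
  // status; the original check for exactly 200 reported success as an error.
  if ($status >= 200 && $status < 300) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $status . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}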
require "uri"
require "json"
require "net/http"

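# Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
# The {{...}} tokens are template placeholders to substitute before running.
url = URI("{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions")

http = Net::HTTP.new(url.host, url.port)
# Net::HTTP.new does not turn on TLS by itself. Without this line a request to
# an https URL is written to the TLS port in plaintext, bearer token included,
# and fails.
http.use_ssl = (url.scheme == "https")

request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "environment": {
    "id": "{{envID}}"
  },
  "signOnPolicy": {
    "id": "{{usecaseSamlPolicyID}}"
  },
  "priority": 1,
  "type": "LOGIN",
  "socialProviders.id": "{{usecaseSamlIdpID}}",
  "registration": {
    "enabled": true,
    "population": {
      "id": "{{samlPopID}}"
    }
  }
})

response = http.request(request)
# Report non-2xx results so a rejected policy change is not mistaken for
# success; the body is still printed because it carries the error details.
warn "Unexpected HTTP status: #{response.code} #{response.message}" unless response.is_a?(Net::HTTPSuccess)
puts response.read_body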
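// Step 5: create the LOGIN sign-on policy action on the policy named in the URL.
// The {{...}} tokens are template placeholders to substitute before running.
let parameters = "{\n    \"environment\": {\n        \"id\": \"{{envID}}\"\n    },\n    \"signOnPolicy\": {\n        \"id\": \"{{usecaseSamlPolicyID}}\"\n    },\n    \"priority\": 1,\n    \"type\": \"LOGIN\",\n    \"socialProviders.id\": \"{{usecaseSamlIdpID}}\",\n    \"registration\": {\n        \"enabled\": true,\n        \"population\": {\n            \"id\": \"{{samlPopID}}\"\n        }\n    }\n}"
let postData = parameters.data(using: .utf8)

// Fail with a clear message instead of a force-unwrap crash when the URL
// string cannot be parsed (for example, placeholders left unsubstituted).
guard let endpoint = URL(string: "{{apiPath}}/environments/{{envID}}/signOnPolicies/{{usecaseSamlPolicyID}}/actions") else {
  fatalError("Invalid request URL")
}

// A finite timeout replaces Double.infinity so a stalled connection cannot
// keep the task pending forever.
var request = URLRequest(url: endpoint, timeoutInterval: 60)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  // Report non-2xx results so a rejected policy change is not mistaken for
  // success; the body is still printed because it carries the error details.
  if let http = response as? HTTPURLResponse, !(200...299).contains(http.statusCode) {
    print("Unexpected HTTP status: \(http.statusCode)")
  }
  // Lossy decoding cannot fail, unlike the force-unwrapped failable initializer.
  print(String(decoding: data, as: UTF8.self))
}

task.resume()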

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/signOnPolicies/1c1170ad-436d-4d6f-9e11-0a0cc4f5c7b9/actions/e16e4882-153a-4733-ad18-dda307473890"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "signOnPolicy": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/signOnPolicies/1c1170ad-436d-4d6f-9e11-0a0cc4f5c7b9"
        }
    },
    "id": "e16e4882-153a-4733-ad18-dda307473890",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "type": "LOGIN",
    "signOnPolicy": {
        "id": "1c1170ad-436d-4d6f-9e11-0a0cc4f5c7b9"
    },
    "priority": 1,
    "registration": {
        "enabled": true,
        "population": {
            "id": "95f34a21-5c57-4baa-9ac2-aab386473d08"
        }
    },
    "recovery": {
        "enabled": true
    }
}