PingOne Platform APIs

Workflow Library

The PingOne workflow library provides step-by-step guidance for building sign-on flows using PingOne APIs. This collection of workflows define application properties, assign sign-on policy actions, specify resource grants, and in many cases call the authorization server to initiate flows. Some workflows include flow execution APIs to show you how PingOne manages various sign-on actions and completes the flow by returning an access token from the authorization server.

Each workflow is configured as a Postman collection, and includes a Run in Postman button that enables you to fork, or download and import, the collection to your Postman workspace. You can see the complete list of workflow collections in Downloading PingOne workflow collections.

Prerequisite

To access the PingOne APIs, you’ll need an admin access token. If you haven’t completed the getting started tasks, particularly the configuration steps in Create Your Test Environment, stop and do that now. This workflow shows you how to create a Worker (admin) application and use that application’s properties to get a PingOne admin access token. In that section, there is a Run In Postman link to download a special Postman collection to help you get the token and create a test user. Do not proceed until you have completed these tasks.

Configuring and managing Postman

When using the Postman collections linked to PingOne workflows, you’ll need to configure any of your Postman requests for authorization and authentication to not follow redirects automatically. You’ll also need to do this for requests that require a redirect to the authorization server. These requests will not execute the steps in the Postman collection as intended if Postman’s Automatically follow redirects setting is turned on.

To disable the Automatically follow redirects setting for requests in Postman:

  1. Open your Postman application, and for each relevant request, select Settings.

  2. Ensure that the Automatically follow redirects setting is set to OFF.

Postman Request Settings

For more information about Postman preferences, refer to Setting up Postman.

Using the PingOne Postman environment

The PingOne workflow collections include test scripts that write environment variables and their current values to your active Postman environment for the newly created PingOne resources.

To save and use these resource IDs, specify a Postman environment and have the following Postman environment variables set before you begin. Refer to The PingOne Postman Environment Template for the regional domains associated with the API endpoints for these environment variables:

  • {{tld}}

    The top level domain for your region:

    Region Code Top level domain

    North America region (excluding Canada)

    NA

    com (default)

    Canada region

    CA

    ca

    European Union region

    EU

    eu

    Australia region

    AU

    com.au

    Singapore region

    SG

    sg

    Asia-Pacific region

    AP

    asia

    This variable is incorporated in each of the following {{…​Path}} variables to make changing your region simple. When you set {{tld}}, the {{…​Path}} variables are also set to the appropriate region.

  • {{apiPath}}

    The regional domain for the PingOne server. These IDs identify a specific configured application in PingOne.

  • {{authPath}}

    The domain for the PingOne authentication server.

  • {{orchestratePath}}

    The regional domain (and part of the path) for the PingOne DaVinci server.

  • {{scimPath}}

    The regional domain (and part of the path) for the PingOne SCIM server.

  • {{envID}}

    The UUID of an environment resource. This ID identifies your current working domain within your organization.

  • {{accessToken}}

    A valid access token returned by the PingOne authorization server from the worker application in your current environment. For information about creating a worker application and getting an access token, refer to Create an admin Worker app connection.

Removing session cookies in Postman

When you run workflow collections that involve authentication flows, the PingOne API uses session token cookies to establish the user’s authentication session and maintain the session throughout the workflow. Postman functions as the calling client to save these cookies, allowing the flow to redirect back to the authorization server to get an access token.

Before you run any workflows, we recommend that you remove all old session token cookies from Postman. To remove these cookies:

  1. For the workflow you want to run, open the Step 1 request.

  2. Click the Cookies link, which is directly under the Send button.

  3. On the Manage Cookies page, delete all session token cookies listed until you see the No Cookies available message.

For more information about Postman and cookie management, refer to Using cookies.