Assign an MFA Sign-On Policy to a Web Application
This activity shows you how to define a Web application, create an MFA sign-on policy, and assign the sign-on policy to the application.
This scenario illustrates the following common operations supported by the PingOne APIs:
-
Create an application
-
Assign a resource grant to the application
-
Create a sign-on policy
-
Create a sign-on policy MFA action
-
Assign a sign-on policy to an application
Prerequisites
Get an access token from the worker application that you created in Create an admin Worker app connection. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, refer to Get a PingOne admin access token.
Workflow order of operations
To create the application specify its sign-on policy:
-
Make a
POSTrequest to the/environments/{{envID}}/applicationsendpoint to define a new Web application. -
Make a
GETrequest to/environments/{{envID}}/resourcesto get the list of available resource server IDs. -
Make a get request to
/environments/{{envID}}/resources/{{resourceID}}/scopesto get the OIDC scopes for the resource grant. -
Make a
POSTrequest to/environments/{{envID}}/applications/{{appID}}/grantsto assign a resource grant to the application. -
Make a
POSTrequest to the/environments/{{envID}}/signOnPoliciesendpoint to create a new sign-on policy. -
Make a
POSTrequest to/environments/{{envID}}/signOnPolicies/{{policyID}}to create an MFA sign-on policy action for the new sign-on policy. -
Make a
POSTrequest to/environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignmentsto assign the MFA sign-on policy with the new Web application.
Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.