PingOne Platform APIs

Step 5: Create a sign-on policy

 

POST {{apiPath}}/environments/{{envID}}/signOnPolicies

You can use the POST {{apiPath}}/environments/{{envID}}/signOnPolicies endpoint to create the new sign-on policy. In the request, the name property is required and must be unique within the environment. The description property is optional, but recommended.

The response shows the property data for the new sign-on policy. It includes an actions link to the sign-on policy actions endpoint, which is used to assign an action to the new sign-on policy. The policy must have at least one associated action before it can be assigned to an application.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "name": "MFA_UseCasePolicy_{{$timestamp}}",
    "default": "false",
    "description": "A new MFA sign-on policy."
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/signOnPolicies' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "MFA_UseCasePolicy_{{$timestamp}}",
    "default": "false",
    "description": "A new MFA sign-on policy."
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/signOnPolicies")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""MFA_UseCasePolicy_{{$timestamp}}""," + "\n" +
@"    ""default"": ""false""," + "\n" +
@"    ""description"": ""A new MFA sign-on policy.""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/signOnPolicies"
  method := "POST"

  payload := strings.NewReader(`{
    "name": "MFA_UseCasePolicy_{{$timestamp}}",
    "default": "false",
    "description": "A new MFA sign-on policy."
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/signOnPolicies HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "MFA_UseCasePolicy_{{$timestamp}}",
    "default": "false",
    "description": "A new MFA sign-on policy."
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"MFA_UseCasePolicy_{{$timestamp}}\",\n    \"default\": \"false\",\n    \"description\": \"A new MFA sign-on policy.\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/signOnPolicies")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/signOnPolicies",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "MFA_UseCasePolicy_{{$timestamp}}",
    "default": "false",
    "description": "A new MFA sign-on policy."
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/signOnPolicies',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "MFA_UseCasePolicy_{{$timestamp}}",
    "default": "false",
    "description": "A new MFA sign-on policy."
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/signOnPolicies"

payload = json.dumps({
  "name": "MFA_UseCasePolicy_{{$timestamp}}",
  "default": "false",
  "description": "A new MFA sign-on policy."
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/signOnPolicies');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "name": "MFA_UseCasePolicy_{{$timestamp}}",\n    "default": "false",\n    "description": "A new MFA sign-on policy."\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/signOnPolicies")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "MFA_UseCasePolicy_{{\$timestamp}}",
  "default": "false",
  "description": "A new MFA sign-on policy."
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"name\": \"MFA_UseCasePolicy_{{$timestamp}}\",\n    \"default\": \"false\",\n    \"description\": \"A new MFA sign-on policy.\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/signOnPolicies")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/signOnPolicies/c07e39be-6e20-4474-98f7-6b628746fb82"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "actions": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/signOnPolicies/c07e39be-6e20-4474-98f7-6b628746fb82/actions"
        }
    },
    "id": "c07e39be-6e20-4474-98f7-6b628746fb82",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "name": "MFA_UseCasePolicy_1626202754",
    "description": "A new MFA sign-on policy.",
    "default": false
}