Have you ever noticed how kids are drawn to a sandbox in a yard or playground? It seems like that simple, square frame encourages play by being a boundary within which there are no boundaries. Inside of the sandbox, anything is possible—and sometimes all you need is a place to start. PingOne for customers is no different, and with our latest capabilities, we’ve given you a number of new tools to start playing with.
PingOne for Customers Feature Highlights For our round-up of new features this quarter, here are the highlights of the things that will help you experiment, play and build with PingOne for Customers:
Worker applications allow you to create clients that rely on easier-to-use roles, vs. OAuth scopes like other client apps. This enables your development team to write apps with only the amount of access that its creator intended, thwarting privilege escalation.
We have a Worker App example in Python that you can use as-is to spin up safe places for evaluation, development and testing to streamline your SDLC within your existing PingOne for Customers trial or production system. Check it out on GitHub.
New customization capabilities, including:
Add user attributes (or static values) to SAML assertions. PingOne for Customers has always had the ability to add custom attributes to user schemas. Now, those can be represented in SAML assertions.
Add conditions to dynamic MFA policies that are triggered by user attributes. This gives you even more control over MFA and the ability to ensure a balance of security and convenience for your users.
Customize messages for MFA, registration and account recovery via text and HTML templates. Now, you can personalize your communications to end users. This is not only convenient, but for mediums like MFA, can also help prevent fraud by telling customers exactly what they’re approving.
Passwordless AuthN policies are a new addition (or subtraction, if you want to look at it that way!) If you’ve built an application to use the platform’s Flow APIs for policy-based authentication, that app could get this new behavior automatically.
We’ve also made it easier to connect PingOne to other systems:
The new PingOne for Customers Integration Kit for PingFederate comes with a provisioner, a PCV (“password credential validator” for checking user’s passwords stored in PingOne for Customers), and the ability to use PingOne for Customers as the data store for some or all of the users who authenticate through your PingFed deployment.
Version 184.108.40.206 of Ping DataSync has a new bi-directional data synchronization feature for PingOne for Customers. Use it to kick any on-prem identity data you have up to the cloud and keep all systems running while you migrate.
And a bonus tip: We recently added an “API” tab in the user profile, which will show you the URLs and the JSON structure for any user resource, including the ability to peek into any JSON attributes your apps create: