PingOne for Enterprise now supports the OpenID Connect (OIDC) protocol for application integration via code, implicit and hybrid flows. With this integration, OIDC standard-based applications are now treated identically to SAML applications and can be made available on the PingOne dock and selectable in access and authentication policies.

If you have an authentication policy in place for your PingOne account, when you add an application to PingOne, you now have the option to require that each time a user accesses the application, they must use multi-factor authentication (MFA).

PingOne SSO for SaaS Applications now provides administrators better visibility into their customers’ SSO transactional activity with new summary reports and the ability to filter transactional SSO events by customer tenant or application name.

PingOne for Enterprise administrators can now create custom application categories to be displayed on the dock. Categorize applications in a way that makes the most sense for your organization, such as grouping apps for new hires under an "Onboarding" category or grouping apps that require a VPN under a custom "VPN-only" category. Administrators can also configure localization for new categories in all supported languages.

The PingOne for Enterprise directory now supports the use of all user attributes in SSO attribute mappings, allowing for additional user information to be sent to service providers during SSO. Also, admins can now set a signing certificate as the default for new connections. This streamlines the configuration process for new connections by automatically selecting the default certificate during the setup process.

Administrators using PingOne Directory or AD connect as their IdP can now customize the branding for login and password reset screens, while those leveraging PingOne Directory can customize branding for self service registration. In addition, administrators can also leverage new SSO reports, which include the ability to filter transactional events by application name instead of viewing all transactions in aggregate. Finally, administrators can now assign multiple groups to administrative roles for the purpose of SSO to the PingOne admin portal from the PingOne dock. 

PingOne for Enterprise (P14E) administrators can now specify optional parameters for the authentication request PingOne sends to an OpenID Provider. Admins can streamline session management and configuration now that the P14E dock shares the same session lifetime as the PingOne SSO session, which can be set to as low as 15 minutes. We also added Turkish language support to the end-user interface.

When you add an application to PingOne for Enterprise and use advanced attribute mapping to map your identity provider attributes to service provider attributes, you'll now find settings for random and hash functions. The hash function takes a literal string or attribute value. The random function generates a random string of a specified length. Both functions optionally hash the string using the selected algorithm (MD5, SHA-1, SHA-256) and encode the string using the selected encoder (hex, base64).

PingOne SSO for SaaS Apps admins can now use the Customer Connections API to automate the creation of new connections to applications without the need for manual steps, accelerating onboarding and preventing configuration errors. All functionality is now available through the API, including features that were previously limited to the admin console such as multiplexing and single logout (SLO) settings.

The new PingOne GitHub and Lucid Chart Connectors enable enterprises to set up SSO and reduce administrative efforts by offering quick connection templates for provisioning users and groups.

PingOne for Enterprise administrators can now authenticate end users through OpenID Connect identity repositories. In addition, PingOne SSO for SaaS Apps administrators can now manage partner identity repositories, provide access to applications from a private catalog, enable access to a partner PingOne dock and apply MFA policies to sensitive applications.

We eased integration with Azure and ADFS by adding them as new identity provider options. Admins also now have the ability to do attribute mapping as a part of any identity provider setup. For Azure AD, you can also synchronize groups for SSO access control.

We are pleased to announce PingOne for Customers, an Identity as a Service offering built for developers, that provides API-based identity services for customer-facing apps. It helps large enterprises launch apps faster, replace custom identity services that are difficult to maintain, and facilitate the transition from on-premises deployments to cloud-hosted services.

Adding applications leveraging the OIDC protocol just got easier, with a setup wizard providing guidance for administrators during configuration. Once admins select the specific OIDC application type to configure, subsequent steps are then tailored to that application type (e.g. web, native, single page). Additionally, OIDC applications registered in PingOne for Enterprise can now be configured with a single logout (SLO) option which enables PingOne to trigger a logout action in the application.

PingOne for Enterprise introduces significant features to ease administration and improve user experience. The latest release expands the administrative auditing features to now support both partner and PingID use cases, in addition to workforce. We improved administrative ease of use of PingOne as an OIDC relying party by changing the way user attributes are mapped and updating the OIDC application wizard and summary screen. Also, PingOne for Enterprise now provides a more convenient, secure user experience by supporting OIDC Identity Provider single logout (SLO).

For product updates prior to 2018, please use the button below. 

PingOne SSO for SaaS Apps administrators are now able to update and manage certificates. They now have access to several tools to visualize and manage certificates used by their applications and connected customer identity providers. It allows for more flexibility and control with the ability to create new signing certificates, rotate existing certificates and see which applications and customers are using certificates that are expiring or have expired.

PingOne for Enterprise now supports additional branding and customization options to present a more seamless user experience. All aspects of a user journey can be customized with an organization’s logo and theme. This includes dock, hosted login & password reset, identity provider (IdP) discovery, logout and error screens.

PingOne for Enterprise now supports additional user attributes within the Workplace by FacebookTM provisioner. In order to take advantage of the new provisioner features, you will need to edit the SaaS provisioning connector.

For more information, see the PingFederate Workplace by Facebook Connector Guide 1.7.

PingOne for Enterprise eases administration with improved OIDC support. When the default OIDC scopes and claims are insufficient, admins can now define custom scopes and attributes for their apps.

For added security, PingOne for Enterprise adds an option when configuring SAML applications to enable encryption of the SAML response sent from PingOne to the service providers.

The PingOne for Enterprise AWS provisioner has been updated to support the AWS 2.0 API, including the provisioning of the Password and PasswordResetRequired attributes, as well as for updating the UserName attribute.

PingOne SSO for SaaS Apps administrators can now view a report that summarizes the total active user counts for each of their customers. Combined with the existing per-application summaries, this provides a complete picture of each IdP customer's usage and allows for flexibility in how PingOne SSO for SaaS Apps administrators measure that usage. The new "SSO User Count" summary can be found in the admin portal alongside the existing reports, under Dashboard > Reporting.