Assign an MFA Sign-On Policy to a Web Application

Number of APIs: 7

This activity shows you how to define a Web application, create an MFA sign-on policy, and assign the sign-on policy to the application.

This scenario illustrates the following common operations supported by the PingOne APIs:

  • Create an application
  • Assign a resource grant to the application
  • Create a sign-on policy
  • Create a sign-on policy MFA action
  • Assign a sign-on policy to an application

Prerequisites

Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.

Workflow order of operations

To create the application and specify its sign-on policy:

  1. Make a POST request to the /environments/{{envID}}/applications endpoint to define a new Web application.

  2. Make a GET request to /environments/{{envID}}/resources to get the list of available resource server IDs.

  3. Make a GET request to /environments/{{envID}}/resources/{{resourceID}}/scopes to get the OIDC scopes for the resource grant.

  4. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to assign a resource grant to the application.

  5. Make a POST request to the /environments/{{envID}}/signOnPolicies endpoint to create a new sign-on policy.

  6. Make a POST request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}}/actions to create an MFA sign-on policy action for the new sign-on policy.

  7. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to assign the MFA sign-on policy to the new Web application.

  1. Step 1: Create a web application (POST {{apiPath}}/environments/{{envID}}/applications)

  2. Step 2: Get all resources (GET {{apiPath}}/environments/{{envID}}/resources)

  3. Step 3: Get all OIDC scopes (GET {{apiPath}}/environments/{{envID}}/resources/{{openidResourceID}}/scopes)

  4. Step 4: Assign a resource grant to the web application (POST {{apiPath}}/environments/{{envID}}/applications/{{webAppId}}/grants)

  5. Step 5: Create an MFA sign-on policy (POST {{apiPath}}/environments/{{envID}}/signOnPolicies)

  6. Step 6: Create a sign-on policy MFA action (POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{mfaPolicyID}}/actions)

  7. Step 7: Assign the MFA sign-on policy to the web application (POST {{apiPath}}/environments/{{envID}}/applications/{{webAppId}}/signOnPolicyAssignments)
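The seven calls above chained in order, showing which ID from each response feeds the later requests. This is an added Python example, not code from the PingOne documentation. The function names, the `send` transport, the request bodies, and the `_embedded` response shape are assumptions to check against the API reference, and the fake transport returns constructed sample data so the sketch runs offline.

```python
# Added example. Request bodies and response field names are assumptions;
# verify them against the PingOne API reference before use.

def assign_mfa_policy(send, env_id, redirect_uri):
    """Run steps 1-7. send(method, path, body) returns the parsed JSON response
    and is expected to attach the worker app's access token to each request."""
    env = f"/environments/{env_id}"
    app = send("POST", f"{env}/applications", {                      # Step 1
        "name": "Example Web App", "enabled": True, "type": "WEB_APP",
        "protocol": "OPENID_CONNECT", "grantTypes": ["AUTHORIZATION_CODE"],
        "responseTypes": ["CODE"], "redirectUris": [redirect_uri],
        "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"})
    resources = send("GET", f"{env}/resources", None)                # Step 2
    res_id = next(r["id"] for r in resources["_embedded"]["resources"]
                  if r["name"] == "openid")
    scopes = send("GET", f"{env}/resources/{res_id}/scopes", None)   # Step 3
    grant_scopes = [{"id": s["id"]} for s in scopes["_embedded"]["scopes"]
                    if s["name"] in ("openid", "profile")]
    if not grant_scopes:
        raise RuntimeError("no OIDC scopes found; refusing to create an empty grant")
    send("POST", f"{env}/applications/{app['id']}/grants",           # Step 4
         {"resource": {"id": res_id}, "scopes": grant_scopes})
    policy = send("POST", f"{env}/signOnPolicies",                   # Step 5
                  {"name": "Example_MFA_Policy", "default": False})
    send("POST", f"{env}/signOnPolicies/{policy['id']}/actions",     # Step 6
         {"priority": 1, "type": "MULTI_FACTOR_AUTHENTICATION"})
    send("POST", f"{env}/applications/{app['id']}/signOnPolicyAssignments",
         {"priority": 1, "signOnPolicy": {"id": policy["id"]}})      # Step 7
    return {"appID": app["id"], "signOnPolicyID": policy["id"]}

def make_fake_send(log):
    """Constructed stand-in for an HTTP client; records each call in log."""
    ids = {"applications": "app-1", "signOnPolicies": "pol-1"}
    def send(method, path, body):
        log.append((method, path))
        if path.endswith("/resources"):
            return {"_embedded": {"resources": [{"id": "res-1", "name": "openid"}]}}
        if path.endswith("/scopes"):
            return {"_embedded": {"scopes": [
                {"id": "sc-1", "name": "openid"},
                {"id": "sc-2", "name": "profile"},
                {"id": "sc-3", "name": "email"}]}}
        return {"id": ids.get(path.rsplit("/", 1)[-1], "obj-1")}
    return send
```

Because the policy is only bound to the application in step 7, a run that stops after an earlier step leaves the new application without the MFA policy assigned.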