Release Notes

New PingOne Authentication Connector

Client-initiated backchannel authentication (CIBA) lets an end user use an application on one device and grant consent to the application on another device. The PingOne Authentication Connector has been enhanced with two new capabilities to orchestrate the out-of-band authentication and authorization experience: Return CIBA Success and Return CIBA Error. When you build a PingOne DaVinci CIBA flow, configure it with these new capabilities.

New PingOne Connector

Several capabilities in the PingOne Connector have a new configuration option to escape user attributes. You can now use a toggle to automatically escape input for each capability that executes a user search with a username. This allows customers to opt in based on their needs for each flow and doesn’t break existing flows.

Improved LDAP Connector

The LDAP Connector is changing the format of Active Directory (AD) attributes objectSid, objectGUID, and ms-ds-consistencyGUID in the entry in response to capabilities such as Create Entry, Modify DN, Replace Attributes, and Modify Attribute.

Previously, these attribute values were returned in a binary format, such as \u0001\u0005\u0000\u0000\u0000\u0000\u0000\u0005\u0015…​. Now they are returned in a decoded, human-readable format, such as S-1-5-21-…​.

Existing customers already using these attributes in their DaVinci environments have been notified and advised to work with their account teams or support in order to update their flows and avoid any impact.

This change is generally available today for all other customers and any new environments.

Info Form Connector

Previously, the PingOne Forms connector was shown in the Ping Identity connectors category. Now, the connector is in the Core connectors category with the name Form.

This change reflects the connector’s role as a basic building block for DaVinci flows and the recommended method for creating user interfaces.

Improved HTTP Connector

In the HTTP Connector Make REST API Call capability, the new Block Redirects option allows you to enhance the security of the flow by preventing the browser from automatically following redirects. When a redirect is attempted, an error occurs instead.

New PingOne Connector

The PingOne Connector Authenticate User via Kerberos capability now supports additional gateway and user type pairs. The ability to add multiple sets of gateway and user types help support large enterprises with multiple domains who need to validate Kerberos tokens.

Improved Form Connector

The Form Connector conditional component visibility allows you to create a form in PingOne Forms with components that you can configure to be hidden or shown in a user-facing form based on Boolean values pulled from your DaVinci flow. Learn more in Configuring conditional component visibility.

When you include a form with conditional component visibility with the Show From capability, you’ll see the additional Component Visibility field with key-value pairs to configure which components are shown or hidden.

New PingOne Connector

You can now use the PingOne Connector Read Theme capability to get theme details with the theme ID. This helps when designing PingOne DaVinci multi-brand experiences.

Improved PingOne MFA Connector

The PingOne MFA Connector now supports the "remember me" functionality that was added to MFA in February 2025.

Fixed Splunk Connector

Error handling for the Splunk Connector has been corrected and now respects localized error messages. As a result, select error outcomes might produce different message text.

Fixed LexisNexis Connector

Error handling for the LexisNexis Connector has been corrected and now respects localized error messages. As a result, select error outcomes might produce different message text.

Improved PingOne Connector

The PingOne Connector Authenticate User via Kerberos capability now supports the selection of a user type, regardless of whether user migration is enabled or not.

The ability to select a user type without user migration allows you to create DaVinci flows to offer seamless SSO authentication experience to users provisioned from Microsoft Active Directory into PingOne through an LDAP gateway provisioning connection and an inbound rule.

Updated Location Policy Connector

The Location Policy Connector Allow by Location Name and Deny by Location Name capabilities now provide the location information associated with the user’s IP address. This makes it easy to branch the flow more specifically after an allow or deny result by evaluating the user’s exact country.

Improved PingOne Connector

You can now use the PingOne Connector Read Population capability to include the default preferred language to support building an authentication experience.

Improved PingOne Connector

You can now use the PingOne Connector Update User capability to clear user attributes from a user profile.