Release Notes
New features and improvements in PingOne DaVinci Connectors.
Subscribe to get automatic updates: PingOne DaVinci Connectors RSS Feed.
January 2026
January 8
The LDAP connector is deprecating the format of three Active Directory (AD) attribute types
Improved LDAP Connector
The LDAP Connector is changing the format of Active Directory (AD) attributes objectSid, objectGUID, and ms-ds-consistencyGUID in the entry in response to capabilities such as Create Entry, Modify DN, Replace Attributes, and Modify Attribute.
Previously, these attribute values were returned in a binary format, such as \u0001\u0005\u0000\u0000\u0000\u0000\u0000\u0005\u0015…. Now they are returned in a decoded, human-readable format, such as S-1-5-21-….
Existing customers already using these attributes in their DaVinci environments have been notified and advised to work with their account teams or support in order to update their flows and avoid any impact.
This change is generally available today for all other customers and any new environments.
October 2025
October 7
Renamed the Form connector
Info Form Connector
Previously, the PingOne Forms connector was shown in the Ping Identity connectors category. Now, the connector is in the Core connectors category with the name Form.
This change reflects the connector’s role as a basic building block for DaVinci flows and the recommended method for creating user interfaces.
August 2025
August 27
Added the ability to block redirects in Make REST API Call nodes
Improved HTTP Connector
In the HTTP Connector Make REST API Call capability, the new Block Redirects option allows you to enhance the security of the flow by preventing the browser from automatically following redirects. When a redirect is attempted, an error occurs instead.
August 19
Authenticate User via Kerberos
New PingOne Connector
The PingOne Connector Authenticate User via Kerberos capability now supports additional gateway and user type pairs. The ability to add multiple sets of gateway and user types help support large enterprises with multiple domains who need to validate Kerberos tokens.
July 2025
July 18
The Show Form capability now includes conditional component visibility
Improved Form Connector
The Form Connector conditional component visibility allows you to create a form in PingOne Forms with components that you can configure to be hidden or shown in a user-facing form based on Boolean values pulled from your DaVinci flow. Learn more in Configuring conditional component visibility.
When you include a form with conditional component visibility with the Show From capability, you’ll see the additional Component Visibility field with key-value pairs to configure which components are shown or hidden.
June 2025
June 3
Read Theme
New PingOne Connector
You can now use the PingOne Connector Read Theme capability to get theme details with the theme ID. This helps when designing PingOne DaVinci multi-brand experiences.
Update User through Gateway
New PingOne Connector
You can now use the PingOne Connector Update User through Gateway capability to retrieve a user’s attributes through a PingOne gateway and update the PingOne user profile with them.
May 2025
May 22
Remembered devices
Improved PingOne MFA Connector
The PingOne MFA Connector now supports the "remember me" functionality that was added to MFA in February 2025.
April 2025
April 30
The Splunk Connector now respects localized error messages
Fixed Splunk Connector
Error handling for the Splunk Connector has been corrected and now respects localized error messages. As a result, select error outcomes might produce different message text.
April 25
The LexisNexis Connector now respects localized error messages
Fixed LexisNexis Connector
Error handling for the LexisNexis Connector has been corrected and now respects localized error messages. As a result, select error outcomes might produce different message text.
April 4
Authenticate User via Kerberos
Improved PingOne Connector
The PingOne Connector Authenticate User via Kerberos capability now supports the selection of a user type, regardless of whether user migration is enabled or not.
The ability to select a user type without user migration allows you to create DaVinci flows to offer seamless SSO authentication experience to users provisioned from Microsoft Active Directory into PingOne through an LDAP gateway provisioning connection and an inbound rule.
|
The selected LDAP gateway must be configured with at least one user type. |
April 1
The Location Policy connector now outputs country result
Updated Location Policy Connector
The Location Policy Connector Allow by Location Name and Deny by Location Name capabilities now provide the location information associated with the user’s IP address. This makes it easy to branch the flow more specifically after an allow or deny result by evaluating the user’s exact country.
March 2025
March 15
Read Population
Improved PingOne Connector
You can now use the PingOne Connector Read Population capability to include the default preferred language to support building an authentication experience.
Update User
Improved PingOne Connector
You can now use the PingOne Connector Update User capability to clear user attributes from a user profile.
February 2025
February 15
New Read Device Authentication Policy capability
New PingID Connector
The PingID Connector Read Device Authentication Policy capability allows you to read device authentication policies in your PingOne DaVinci flow.
February 10
Improved flexibility with SAML and WS-Federation attributes sent to PingOne
New PingOne Authentication Connector
When authenticating users by redirecting the browser to your DaVinci flow with the PingOne Authentication Connector, the DaVinci flow policy returns additional attributes to PingOne. You can now override the default format of those attributes.
|
The ability to use a flow to orchestrate authentication for Microsoft 365 applications is currently in limited release. To request access to these parameters, open a support case. |
January 2025
January 14
Simplified Get User Consent capability
Improved PingOne Scope Consent Connector
Previously, to select how the PingOne Scope Consent Connector capability identifies the application from the Application Attribute field, you had to select either Application ID or Application Name and enter a value into the corresponding field.
Now, you can always enter the applicable scope into the Scopes field regardless of the Application Attribute field value.
December 2024
December 11
Read Population
Improved PingOne Connector
You can now use the PingOne Connector Read Population capability to determine a user’s population based on an alternative identifier value and can also specify a theme to support multi-brand authentication experiences.
December 4
New hashing options in the Functions Connector
Updated Functions Connector
Hashing a value is an effective way to verify data in your flow while keeping it secure. To make this easier, we’ve added new configuration options to the Create a Hash capability in the Functions connector. Select the hashing algorithm, use a generated salt value or provide your own, and choose the final encoding method.
November 2024
November 11
The Splunk connector is now available
New Splunk Connector
You can use the Splunk Connector to gain real-time operational intelligence through Splunk in your PingOne DaVinci flow.
October 2024
October 9
Get Token Details is now Validate JWT Token
New Token Management Connector
We have enhanced the Token Management Connector Get Token Details capability to make it easier to work with JSON Web Tokens (JWT) in your flow. To reflect these new features, the capability is now named Validate JWT Token. The new capability is backward compatible with DaVinci tokens, but you can now decrypt any token created with PS*, RS*, ES*, or HS* algorithm by providing the associated public or secret key and, if applicable, the key ID.
You can now configure the capability to validate a variety of claims, including the algorithm, audience, issuers, or subjects. The Error If Token Is Expired field is now named Validate Expiration Time. When a token fails the validation rules, the flow continues down the False path. When the token passes, DaVinci provides the claims in the output schema and the flow continues down the True path.
Managing group metadata
Improved PingOne Connector
The following PingOne Connector capabilities allow you to manage group metadata.
-
Read Group
-
Create Group
-
Update Group
Expanded Data Sent to Webhooks
Fixed Flow Analytics Connector
The Flow Analytics Connector now sends the contents of the Outcome Status Detail and Outcome Description/Comment fields to webhooks, providing external logging systems with more thorough information about flow errors. You can also populate these fields with variables or data from preview nodes using the icon.
include::2024-05-May.adoc[.ping_product]HTTP Connector
April 2024
April 30
Specify branding and theme for forms within the PingOne Forms Connector
New Form Connector
The Form Connector Show Form and Show Branded Message capabilities now include the ability to specify a theme with the new Form Theme field, which displays the themes configured in your PingOne environment under Branding & Themes.
Additionally, you can also select Use Theme ID and paste the unique Theme ID. Learn more in Selecting a theme.
PingOne user lookup capabilities now update the global variable for user ID
Improved PingOne Connector
The following PingOne Connector capabilities now update the p1userid global variable in DaVinci with the user ID when the user is successfully found:
-
Find User
-
Check Password
-
Create User
-
Read User
This update allows you to use the p1userid global variable in the flow to ensure the user ID will be populated at the right times.
The PingOne Advanced Identity Cloud Access connector is now available
New PingOne Advanced Identity Cloud Access Connector
You can use the PingOne Advanced Identity Cloud Access Request Connector to:
-
Manage users
-
Create access requests
-
Make custom API calls
The PingOne Advanced Identity Cloud Login connector is now available
New PingOne Advanced Identity Cloud Login Connector
You can use the PingOne Advanced Identity Cloud Login Connector to authenticate users using the default journey.
March 2024
March 22
The LexisNexis connector is now available
New LexisNexis Connector
You can use the LexisNexis Connector to:
-
Get risk assessments from ThreatMetrix with the LexisNexis Dynamic Decision Platform
-
Use the LexisNexis Dynamic Decision Platform to access Emailage, Phone Find, and Other services defined by your LexisNexis Policy
-
Authenticate users with OTPs
-
Authenticate users with security questions
This new connector replaces the previous LexisNexis connector to take advantage of the latest LexisNexis APIs and provide a simplified configuration and modern end-user experiences.
February 2024
February 10
Authenticate user through Kerberos
New PingOne Connector
You can use the new PingOne Connector Authenticate User Via Kerberos capability to authenticate Active Directory users seamlessly through the Kerberos protocol.
Added capabilities for device authorization
New PingOne Authentication Connector
The following capabilities have been added to the PingOne Authentication Connector to allow for device authorization:
-
Verify User Code (Device Auth Flows)
-
Authorize User Code (Device Auth Flows)
-
Decline User Code (Device Auth Flows)
Added RequestedAuthnContext for SAML external IdPs
New PingOne Authentication Connector
The PingOne Authentication Connector Sign On with External Identity Provider capability now includes the following fields:
-
Requested Authentication Context
-
Authentication Context Reference
You can now select whether to pass the requested authentication context using the AuthnContextClassRef or the AuthnContextDeclRef based on your agreement with the SAML IdP.
January 2024
January 14
PingOne Scope Consent connector now available
New PingOne Scope Consent Connector
The new PingOne Scope Consent Connector is now available.
Use this connector to view consent records on an application or user basis, revoke or update user consent records, or prompt users to provide or decline consent to sign-on policies and record these decisions.
November 2023
November 11
Updated Error Mappings
Fixed Flow Conductor Connector
The error mappings for the Flow Conductor Connector OOB Continue and OOB Start capabilities have been updated.
The following error mappings were removed from the OOB Continue capability:
'missingQueryData': 'The request did not include query data', 'missingTokenData': 'The request was missing token data', 'jwtError': 'There was a problem parsing the JWT', 'validationError': 'There was a problem validating the JWT contents', 'challengeRefExpired': 'The challenge reference has expired', 'challengeRefNotFound': 'The challenge reference was not found', 'challengeExpired': 'The challenge has expired', 'challengeNotFound': 'The challenge could not be found', 'challengeRefError': 'The challenge reference is invalid', 'challengeAlreadyApproved': 'The challenge has already been approved'
If you modified any of these error messages, the modified version will remain. You can delete and recreate the node to remove the older mapping.
The following error mappings were added to the OOB Start capability:
'challengeExpired': 'The challenge has expired', 'challengeAlreadyApproved': 'The challenge has already been approved', 'unexpectedError': 'An unexpected error occurred'
The OOB Start capacity also includes a non-customizable error message displayed for some backend issues: An internal error has occurred. Contact support if you see this error message or unexpectedError.
PingOne RADIUS Gateway flow enhancement
Improved PingOne RADIUS Gateway Connector
We’ve added the ability to evaluate PingID authentication policies to all RADIUS Gateway flows with the PingOne RADIUS Gateway Connector. To support this enhancement, we’ve also added the Policy Evaluation capability to the PingID Connector.
PingID authentication subflow enhancements
Improved PingID Connector
The PingID Connector authentication subflow now includes the following features:
-
We’ve added the ability to evaluate and apply PingID policy to the PingID sub-flows To support this enhancement, we’ve added the Policy Evaluation capability to the PingID connector.
-
Administrators can now define a list of mandatory authentication methods. If defined, users are forced to register all the required authentication methods to access their resources.
-
If a user does not have a registered device during an authentication flow, after they successfully register a new device they are also required to authenticate with the new device.
September 2023
September 13
The Forms connector now supports risk profiling
New Form Connector
The Form Connector Show Form capability now has two new fields:
-
You can turn on Enable Device Profiling to connect with the PingOne Protect SDK. When enabled, device information is collected for risk profiling.
-
After you turn on Enable Device Profiling, you can then turn on Include Behavioral Data to identify non-human activity as an additional safeguard.
August 2023
August 29
Search for users with a custom SCIM filter
New PingOne Connector
Previously, when searching for users with Find User and Find Multiple Users in the PingOne Connector, the capability builds a SCIM filter based on a list of attributes and a search term.
You can now provide your own filter by toggling on the new Custom SCIM Filter field, allowing you to pick the operators used for filtering and allow different values to be searched for each attribute.
Create and update user mappings updated to resolve error from PingOne
Improved PingOne Connector
The PingOne Connector Create User and Update User capabilities mappings no longer pass empty values to PingOne. Previously, PingOne sent an error to DaVinci due to empty values.
If a field is included with no value, the connector would normally pass it to PingOne as an empty string. If no field or value is included, the connector would normally pass it as a null value. Now, these values are omitted and not passed as empty values.
Character limit for User Groups field
Fixed PingID Connector
When using the legacy PingID Connector in a DaVinci flow, there was a problem if the User Groups field contained more than 100 characters. This 100-character limit has been removed.
July 2023
July 7
Ability to override MFA policy
Improved PingOne MFA Connector
We’ve enhanced the PingOne MFA Connector Policy ID field to the Create Device Authentication Capability that enables you to override the MFA policy that is configured in the MFA connector settings.
June 2023
June 29
Unlock user account
New PingOne Connector
The new PingOne Connector Unlock User capability allows you to unlock a locked PingOne user account:
New group CRUD capabilities
New PingOne Connector
To support group manipulation during flows in DaVinci, we have added the following capabilities to the PingOne Connector:
-
Create Group
-
Read Group
-
Update Group
-
Delete Group
-
Read Group Members
These allow you to create, manage, and read groups in a PingOne environment.
The Make REST API Call capability now supports mTLS
New HTTP Connector
The HTTP Connector now supports mTLS. The Make REST API Call capability includes a new MTLS Support field to include keys configured in PingOne. You can view and create keys in PingOne by selecting the Certificates and Keypairs link under the field.
The default configuration is None, which will not use mTLS for API calls with the connector.
Added Variable option for last sign on
New PingOne Authentication Connector
The PingOne Authentication Connector Check Session capability now includes a Variable option for the Last Sign On field, which enables variable and parameter use.
May 2023
May 6
Authenticate with PingOne external identity providers
New PingOne Authentication Connector
The Sign On with External Identity Provider capability lets you use PingOne external identity providers to authenticate users in your DaVinci flows. You can optionally link the resulting user information to PingOne accounts to enable self-service features and centralize user management within your organization.
Learn more in PingOne Authentication Connector.
The ServiceNow connector is now available
New ServiceNow Connector
You can use the ServiceNow Connector to:
-
Create, deactivate, modify, and search for users
-
Add users to groups
-
Read, create, and modify incidents
April 2023
April 22
The Forms connector is now available
New Form Connector
You can use the Form Connector to:
-
Build flows around user experiences that you create on the Experiences > Forms tab in PingOne.
-
Show messages using the branding that you define on the Experiences > Branding & Themes tab in PingOne.
Find multiple users
New PingOne Connector
You can now use the PingOne Connector Find Multiple Users capability to search and return up to 100 users.
PingOne MFA Connector
Improved PingOne MFA Connector
We’ve enhanced the PingOne MFA Connector to enable the user to enter their One-time Passcode (OTP) when triggering Multi-factor Authentication (MFA). It’s now possible for the user to enter a TOTP/HOTP-generated OTP when starting authentication using the Create Device Authentication endpoint.
New flows for the PingOne RADIUS Gateway connector
Improved PingOne RADIUS Gateway Connector
We have added the following PingOne RADIUS Gateway Connector flow templates to support authentication for MS-CHAP v2 protocol, authentication in no-challenge mode, and on-the-fly registration:
PingID Connector
Improved PingID Connector
We’ve enhanced the PingID Connector to enable the user to enter their One-time Passcode (OTP) when triggering Multi-factor Authentication (MFA). It’s now possible for the user to enter a TOTP/HOTP-generated OTP when starting authentication using the Create Device Authentication endpoint.
March 2023
March 5
The PingOne Authentication Connector is now available
New PingOne Authentication Connector
You can use the PingOne Authentication Connector to:
-
Authenticate users by integrating DaVinci flows into your application using a browser redirect or the DaVinci widget
-
Create, update, or delete PingOne authentication sessions
-
Check whether a user has an active session
The Azure AD User Management connector is now available
New Azure AD User Management Connector
You can use the Azure AD User Management Connector to:
-
Query user information
-
Create, update, and delete users
-
List the users in a group
-
Add and remove group members
-
Add and remove software licenses and disable plans
New capabilities for getting information by device ID
New CrowdStrike Connector
We have added the following capabilities to the CrowdStrike Connector:
-
Check Device Status by Device ID
-
Get Incident Scores by Device ID
These allow you to create more granular policies by targeting a specific device.
Checkboxes in HTML forms now return detailed values
Improved HTTP Connector
The HTTP Connector Custom HTML Template capability is often used to build a form, with checkbox elements such as the following:
<input type="checkbox" name="customerLocation" id ="customerLocation" value="loc256">
Previously, checkboxes would only return true or false, such as:
customerLocation=true
Now, when the checkbox is selected, it provides the value defined in the element properties, such as:
customerLocation=loc256
Other scenarios:
-
When the checkbox is selected and a
valueisn’t defined, it returnstrueoron, depending on the browser. -
When the checkbox is cleared, no value is returned.
|
This change could impact the function of your production flows. Review any flows that use the Custom HTML Template capability to show a check box to the user. If so, check whether the flow relies on a |
January 2023
January 20
New PingID Connector flows
New PingID Connector
Following the release of the new PingID Connector, we’ve added the following out-of-the-box flows:
PingID devices page availability
Issue PingID Connector
The PingID Connector Devices page is not available when using the PingID Authentication sub-flow. The 'Settings' button is therefore not displayed on the Authentication screen.
Fixed the "poll is not defined" error
Fixed Challenge Connector
We’ve fixed an issue that caused the Challenge Connector to report "poll is not defined" when using the Poll for Transaction Status capability.
December 2022
December 12
PingOne RADIUS Gateway connector now available
New PingOne RADIUS Gateway Connector
The new PingOne RADIUS Gateway Connector is now available.
Use this connector to orchestrate user authentication flows that are initiated by authentication requests using the RADIUS protocol.
PingID Connector now available
New PingID Connector
The new PingID Connector is now available.
Use this connector to register and authenticate your users with PingID when the PingID tenant is connected to a PingOne environment.
The PingID connector is based on the PingOne API and includes an increased set of capabilities. It replaces the previous PingID connector (now called PingID Legacy Connector).
December 5
"HTML Form" capabilities have been deprecated
Info HTTP Connector
The following HTTP Connector capabilities are not available on environments created after December 5, 2022:
-
HTML Form
-
HTML Form with reCAPTCHA
These capabilities are being replaced by a new drag-and-drop form builder in PingOne. In the PingOne admin console, navigate to Experiences > Forms to create forms that use your existing branding and themes.
The PingOne Forms connector lets you include these forms in your flows.
October 2022
October 10
Manage group memberships for PingOne users
New PingOne Connector
The following new PingOne Connector capabilities allow you to manage which groups a user belongs to:
-
Create User Group Membership
-
Delete User Group Membership
Combined with the existing Read User Group Memberships capability, this provides you with a more complete membership management experience.
Migrate users from an LDAP datastore to PingOne
New PingOne Connector
The new PingOne Connector Migrate User through Gateway capability allows you to authenticate a user against an LDAP gateway set up in PingOne, then automatically migrate the account to the main PingOne user store.
By integrating this into your existing authentication flow, you can migrate users gradually as they sign on.
The Gateway User Type List property allows you to filter by specific gateways and user types.
Force a user to set a new password next time they sign on
New PingOne Connector
In the PingOne Connector, you can now set a flag that forces a user to set a new password next time they sign on.
Previously, the new password had to be set by the administrator when flagging the account.
Dynamically populated capability fields
Improved PingOne Connector
When configuring a PingOne Connector capability, DaVinci now populates properties, such as Population and Agreement, with information from PingOne.
Your existing configuration still works, and you can always select Use Population ID (or the equivalent) to show a manual entry field. This lets you manually enter a value or use a dynamic value from your flow.
Simpler attributes list for creating and updating users
Improved PingOne Connector
Previously, the PingOne Connector Create User and Update User capabilities allowed you to define additional user attribute mappings by manually typing attributes and values in the Other Attributes section.
To make the configuration more convenient, the attribute names and data types are now populated automatically from your PingOne environment.
Default error messages for capabilities
Improved PingOne Connector
All PingOne Connector capabilities now use the default error messages from the PingOne API. This makes it easier to set up a flow with meaningful error messages.
You can override these messages on the Mappings (Error Messages) tab of the capability configuration.
Use your default PingOne population
Improved PingOne Connector
When configuring PingOne Connector capabilities that need a population, you can now select Use Default Population instead of selecting a specific population.
When you set a default population in PingOne, all capabilities with this setting will automatically use that population.
Get Transaction Status now outputs the complete transaction status details
Fixed Challenge Connector
Previously, the Challenge Connector Get Transaction Status capability would output a blank details object. It is now populated with the Additional Fields configured in the Challenge node that set the transaction status.
June 2022
June 23
The CrowdStrike connector is now available
New CrowdStrike Connector
You can use the CrowdStrike Connector to:
-
Check whether a device is managed by CrowdStrike
-
List the devices associated a username or IP address
-
Get the incident scores for devices
-
Get the CrowdStrike scores from multiple incidents
-
Get the CrowdStrike Zero Trust Assessment scores for a device
-
Get the CrowdScore for an environment
-
Managed quarantined devices
February 2022
February 10
The PingOne connector is now available
New PingOne Connector
You can use the PingOne Connector to:
-
Create a sign-on flow for authentication
-
Reset a user’s password
-
Register new users in the PingOne user store
-
Create, edit, and delete users in the PingOne user store
-
Verify a user’s email address
-
View a user’s population
-
View a user’s group membership
-
View agreements and consents for a user