Release Notes

Improved DV-14275

We’ve streamlined how PingOne flows are identified within DaVinci. Previously, two different fields (trigger.type=AUTHENTICATION and settings.pingOneFlow) could be used to designate a flow as a PingOne flow.

To improve consistency and clarity, we’ve updated the system to exclusively use the trigger.type=AUTHENTICATION setting as the source of truth. The settings.pingOneFlow field in the flow JSON is now ignored. Flows using the old setting can still be imported but must be updated. If you use Terraform, you should update to the latest version.

Improved DV-21416

We’ve updated the flow import feature to scan the imported flow and any referenced subflows for JavaScript and display a non-blocking warning if JavaScript is found. This improves security awareness without slowing the import process.

New

We’ve released the Authentication and MFA Use Case connectors in early access. Learn more in the connector release notes.

Improved DV-21266

We’ve added a new capabilityClass metadata field to the flow JSON. This field appears on flow nodes in the export JSON, indicating their capability class. This change supports exporting workflows that include batch processing.

New DV-6977

We’ve added the ability for DaVinci to support multiple flow executions if a user launches more than one flow in the same browser. When Allow Multiple Flow Executions in Browser is enabled, the first flow will run, and the remaining flows will pause until the first flow is finished. Learn more in Company Settings and in Launching a flow with the widget.

New

To make it easier for you find commonly-used nodes, clicking + on the canvas opens a new menu that makes common flow elements easier to find.

Additionally, when you add nodes to the canvas, you can place them anywhere you want. Learn more about nodes in Managing nodes.

New

We’re introducing a baseline Content Security Policy (CSP) for all PingOne OIDC and SAML flows to enhance browser-level security protections.

The CSP introduction is being applied in multiple phases. In the first phase, beginning March 23, 2026, the baseline CSP will be applied in report-only mode. This will allow Ping to monitor and identify violations without blocking any resources.

Ping will actively monitor violations to ensure a smooth transition to enforcement.

These CSP headers are applied to HTML responses in flows launched with a PingOne redirect. The baseline policy is:

New DV-1222

We’ve added an option for flows to support rendering in a legacy browser directly or within a WebView compatible with legacy browsers. Learn more in Editing flow settings.

Improved DV-13689

We’ve streamlined flow logging to reduce noise and highlight critical events:

Improved DV-7299

We’ve added the ability to disable the default DaVinci CSS for a specific flow. You can enable this ability using flow settings for a flow launched with a redirect, or using an alternate JavaScript file for a flow launched with the widget. Learn more in Editing flow settings and Launching a flow with the widget.

Fixed DV-10833

We’ve updated the Out-of-Band (OOB) process so that when a user clicks an OOB Continue link and the associated challenge has expired, the flow consistently follows the false branch of the challenge evaluation.

Improved

We’ve updated the nodes on the DaVinci canvas with softer edges and shadows. For nodes with a list of outcomes, like the Function connector’s A==B Multiple Conditions capability, the new look integrates the list into the parent node and provides more room for the outcome labels.

Info

We’ve updated the DaVinci global variables as part of the second phase of custom domain infrastructure changes. Learn more about custom domain infrastructure changes in the PingOne release notes. Learn more about the changes to DaVinci in Including variables and other data.

Fixed DV-18517

We fixed an issue with flows launched with the SDK that used social IdP that caused the Return to URL field to be ignored. If the IdP returns an error, the user is now correctly redirected to the Return to URL, and the flow progresses down the false path from the IdP node.

Info

Learn more in the PingOne connector release notes.

Fixed DV-21831

We’ve updated the flow validation rule for UI subflows to make it a warning rather than an error, and to provide additional guidance for avoiding UI subflow issues. Learn more in Validating a flow.

Improved DV-21680

We’ve updated the DaVinci Interaction Send Error Response webhook events to include user/actor information whenever it is available for a connector. This improvement streamlines the troubleshooting process by making user details easier to find.

New

We’ve released a new notification template in PingOne for account creation. You can now use this template to send a notification to the user when an account is created within a DaVinci flow.

Fixed DV-17680

We fixed an issue that caused configuration data from previously selected capabilities to be saved within a flow, causing inaccurate data to be included during the flow validation. Saved flow versions now only contain data for the active capabilities.

Improved

We’ve improved the flow validation process to detect additional issues, including teleport node, subflow, and JSON success and error issues. Learn more in Validating a flow.

Fixed DV-21414

We fixed an issue that prevented flow analytics from displaying in some environments if the flow ran in a different region.

Improved

We’ve made several improvements to the flow analytics display, including clearer linking between nodes and logged events, icons for events indicating an error, and the ability to filter the flow execution list for flow executions with errors. Learn more in Debugging and analytics and Viewing flow analytics.

Improved

We’ve added the option to use custom HTML and CSS for the flow timeout error message, replacing the default flow timeout error message. Learn more in Editing flow settings.

Info

The PingOne Forms connector has been moved to the Core category and named the Form connector. Learn more in the Form connector.

Fixed DV-18157

We’ve fixed an issue with flow version retention. The issue caused every previous deployed flow version to be preserved, which caused flow latency or save failures in some cases. The creation of new flow versions was blocked in some environments because of this issue.

DaVinci now correctly enforces a limit of 100 flow versions per flow, which includes the versions used in flow policies directly or indirectly through a subflow reference. Versions older than the 100 most recent versions, which might have been visible before, are now deleted automatically.

Fixed DV-957

We’ve improved protections to prevent exposure of sensitive information.

Improved

Starting September 10, 2025, and rolling out over the following two weeks, we will make the following changes to how DaVinci analytics events older than 30 days are retained:

This change won’t affect dashboards or DaVinci audit trail retention.

Improved

Platform enhancements have improved flow latency and allowed for better overall throughput. All DaVinci environments will see these improvements by the end of September, 2025.

Improved

We’ve deprecated the interactionToken and skProxyApiEnvironmentId attributes. This simplifies API interactions by removing attributes that weren’t generally used.

Improved

In PingOne Forms, you can now set hyperlinks in Translatable Rich Text to open in a new tab. This allows you to keep the user in the current flow while directing them to an out-of-band experience or to an external resource, such as an agreement document hosted by your organization.

New

For flows launched using PingOne, when the Initiate Single Sign-On URL includes request parameters, those parameters are included in the SAML properties from PingOne. Learn more in Launching a PingOne flow with a redirect.

Issue

If a user launches multiple flow executions in a single browser, the first flow runs but subsequent flows fail. The workaround is to structure flow invocations so that users aren’t launching more than one flow at a time.

Issue DV-18157

Flow versioning has a known issue that causes every previous flow version to be preserved, ignoring the intended limit of 100 flow versions per flow. In some cases, this can cause flow latency or save failures. The creation of new flow versions has been blocked for flows with excessive versions.

Improved

Custom code fields in DaVinci, such as in the Custom Function node, now support more linting rules to promote best practices for code. As a result, you might see new messages in existing code, including line 3 of the default code that was previously provided.

The default code for Custom Function nodes has been updated to support the new standards.

If your current code includes module.exports = a = async ({params}) ⇒ {, update it to match line 3 of the new default code:

Info

We’ve updated the handling of global variables. Any global variable that’s specific to the client, such as IP address and userAgent, is populated or repopulated by the most recent HTTP request. This can include out-of-band continue or webhook nodes that are active on the current branch of the flow, where the client might be different from the one that initiated the flow.

Improved

We’ve removed the following unnecessary attributes from connector error outputs:

Improved

We’ve removed some items, such as internal API calls and other internal processes, from the analytics. This makes the analytics easier to parse by removing items that aren’t generally relevant.

Improved

We’ve updated the way that global variables are referenced within a flow. You can still reference a global variable using the global.variables.<variable name> syntax, but you can no longer reference the entire global.variables object.

Improved

We’ve made the error messages for flow timeouts and missing SAML or OIDC usernames more informative.

Improved

Connector validation error responses no longer contain the flowId and policyId attributes. These values are still available in the global variables for the flow.

New

We’ve added an additional logging level Error that logs only starting and error events. This level is the default for newly created flows. Learn more in Editing flow settings.

Improved

We’ve removed duplicate or redundant fields from Debug and Info logs to make the logs easier to read and understand. Webhook events are not affected.

Improved

We’ve added new options to the Custom Analytics display in the dashboard. You can now create graphs comparing flows or node outcomes over time. Learn more in Dashboard.

Improved

We’ve improved the flow validation feature to enable automatic validation whenever you save a flow and to clearly associate validation results with specific flow versions. Learn more in Validating a flow.

Improved

We’ve made improvements to the flow canvas. When you open a flow, there’s now a search option that lets you locate specific nodes using connector or node information. Learn more in Using flow search.

Info

Learn more in the PingOne connector release notes.

Improved

We’ve made several improvements to the PingOne Forms feature, focusing on multi-factor authentication (MFA), agreements, and improving the experience for administrators and end users:

Learn more in the PingOne forms documentation.

New

We’ve added a tool for validating flows. The tool identifies errors that will prevent a flow from completing successfully and provides warnings for other issues. Learn more in Validating a flow.

Issue DV-18324

You can currently enter Flow HTTP Response Timeout (in seconds) values above the maximum value of 120 seconds. If you specify a value above the maximum, the minimum value of 15 seconds is used.

The workaround is to specify a value between 15 and 120 seconds.

New

We’ve added error checks to the flow export process. When you use the Download Flow JSON option and select the Include Subflows option, an error message displays if your Flow Conductor connectors use invalid subflows or subflow versions. Learn more in Exporting a flow.