Feature enablement

The feature endpoint is used to install new features on existing tenants, where enabling the feature may involve updating existing tenant configuration. Use this endpoint to test updating your tenant on a developer environment before migrating those changes to production.

Uninstalling or disabling a feature once installed requires contacting support and rolling back your tenant. Always test installing a feature first, before making any changes to your production environment.

URI HTTP Operation Description

URI	HTTP Operation	Description
/openidm/feature?_queryFilter=true	GET	Returns a list of feature objects. If a feature is not installed, `installedVersion` returns `null`.

/openidm/feature?_queryFilter=true

GET

Returns a list of feature objects. If a feature is not installed, installedVersion returns null.

Groups feature

For more information, refer to Groups.

To install the groups feature, ensure the following:

The managed configuration defines the alpha_user and bravo_user objects.
The repo.ds configuration defines the alpha_user and bravo_user generic mappings.
The managed configuration for alpha_user and bravo_user does not define the groups or effectiveGroups properties.
The managed configuration does not define the alpha_group or bravo_group objects.
The repo.ds configuration for the alpha_user and bravo_user generic mappings does not define the groups or effectiveGroups properties.
Resources do not exist in the repository for alpha_group or bravo_group.

URI	HTTP Operation	Description
/openidm/feature/groups	GET	Returns the status of the groups feature.
/openidm/feature/groups?_action=validate	POST	Validates that any prerequisites to enable the groups feature are satisfied.
/openidm/feature/groups?_action=install	POST	Attempts to patch and install a tenant’s configuration to enable the groups feature.

URI

HTTP Operation

Description

/openidm/feature/groups

GET

Returns the status of the groups feature.

/openidm/feature/groups?_action=validate

POST

Validates that any prerequisites to enable the groups feature are satisfied.

/openidm/feature/groups?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the groups feature.

Password timestamps

Learn more in Password timestamps.

URI	HTTP Operation	Description
/openidm/feature/password/timestamps	GET	Returns the status of the password timestamp feature.
/openidm/feature/password/timestamps?_action=validate	POST	Validates that any prerequisites to enable the password timestamp feature are satisfied.
/openidm/feature/password/timestamps?_action=install	POST	Attempts to patch and install a tenant’s configuration to enable the password timestamp feature.

URI

HTTP Operation

Description

/openidm/feature/password/timestamps

GET

Returns the status of the password timestamp feature.

/openidm/feature/password/timestamps?_action=validate

POST

Validates that any prerequisites to enable the password timestamp feature are satisfied.

/openidm/feature/password/timestamps?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the password timestamp feature.

Additional indexed strings

The additional indexed strings feature adds 15 additional indexed strings to your tenant. You can install this feature using the feature endpoint. To do so:

Confirm that the feature is available by calling GET openidm/feature/indexed/strings/6thru20:

{
    "_id": "indexed/strings/6thru20",
    "installedVersion": null,
    "availableVersions": [
        "1"
    ]
}

Validate that the feature is installable by calling POST /openidm/feature/indexed/strings/6thru20?_action=validate:
```
{
    "status": 200,
    "success": true,
    "message": "Validate complete."
}
```
Install the feature by calling POST /openidm/feature/indexed/strings/6thru20?_action=install:
```
{
    "status": 200,
    "message": "Install complete."
}
```

Confirm that the feature is no longer installable by calling POST /openidm/feature/indexed/strings/6thru20?_action=validate:

{
    "status": 200,
    "success": false,
    "message": "Validate complete.config/repo.ds: frIndexedString6 must not already exist.",
}

URI	HTTP Operation	Description
/openidm/feature/indexed/strings/6thru20	GET	Returns the status of the additional indexed strings feature.
/openidm/feature/indexed/strings/6thru20?_action=validate	POST	Validates that the additional indexed strings feature is available to install.
/openidm/feature/indexed/strings/6thru20?_action=install	POST	Attempts to patch and install a tenant’s configuration to enable the additional indexed strings feature.

URI

HTTP Operation

Description

/openidm/feature/indexed/strings/6thru20

GET

Returns the status of the additional indexed strings feature.

/openidm/feature/indexed/strings/6thru20?_action=validate

POST

Validates that the additional indexed strings feature is available to install.

/openidm/feature/indexed/strings/6thru20?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the additional indexed strings feature.

Two-factor authentication (2FA) profile attributes

The two-factor authentication (2FA) profile attributes feature adds the following five multivalue (array) strings to existing Alpha and Bravo realm user identities in PingOne Advanced Identity Cloud:

deviceProfiles
devicePrintProfiles
webauthnDeviceProfiles
oathDeviceProfiles
pushDeviceProfiles

You can install this feature using the feature endpoint:

Confirm that the feature is available by calling GET openidm/feature/am/2fa/profiles:

{
  "_id": "am/2fa/profiles",
  "installedVersion": null,
  "availableVersions": [
    "1"
  ]
}

Validate that the feature is installable by calling POST /openidm/feature/am/2fa/profiles?_action=validate:
```
{
  "status": 200,
  "success": true,
  "message": "Validate complete."
}
```
Install the feature by calling POST /openidm/feature/am/2fa/profiles?_action=install:
```
{
  "status": 200,
  "message": "Install complete."
}
```

Confirm that the feature is no longer installable by calling POST /openidm/feature/am/2fa/profiles?_action=validate:

{
  "status": 200,
  "success": false,
  "message": "Validate complete.config/repo.ds: am2faProfiles must not already exist."
}

URI	HTTP Operation	Description
/openidm/feature/am/2fa/profiles	GET	Returns the status of the 2FA profile attributes feature.
/openidm/feature/am/2fa/profiles?_action=validate	POST	Validates that the 2FA profile attributes feature is available to install.
/openidm/feature/am/2fa/profiles?_action=install	POST	Attempts to patch and install a tenant’s configuration to enable the 2FA profile attributes feature.

URI

HTTP Operation

Description

/openidm/feature/am/2fa/profiles

GET

Returns the status of the 2FA profile attributes feature.

/openidm/feature/am/2fa/profiles?_action=validate

POST

Validates that the 2FA profile attributes feature is available to install.

/openidm/feature/am/2fa/profiles?_action=install

POST

Attempts to patch and install a tenant’s configuration to enable the 2FA profile attributes feature.