Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

PingOne Enterprise

Authentication & Authorization

Credentials

  • PingOne Enterprise connects via OAuth 2.0 with Client Credentials Grant Flow

  • Client ID and Client Secret credentials can be obtained through the PingOne Enterprise account (see the DataGrail Help Docs).

  • DataGrail uses Refresh Token Flow to periodically update Access Token after it expires to keep the connection alive.

  • Publicly exposing your API credentials can allow unauthorized access to the PingOne Enterprise API endpoints, and your PingOne Enterprise data by a third party. DataGrail stores your API credentials encrypted and protected.

Permissions

No special scopes required and used to connect API with related credentials.

Scopes

No special scopes required and used to connect API with related credentials.

Base URL

  • The request API URL consists of the hostname, API version and the Environment ID:

    • https://api.{HOSTNAME}/{API_VERSION}

  • Host name depends on the Region that the user selected in connection form.

  • Region and Environment ID can be obtained in the PingOne Enterprise website in Application settings (see the DataGrail Help Docs)

Endpoints Utilized

  • Get and refresh access token:

    • POST https://auth.{HOSTNAME}/{ENVIRONMENT_ID}/as/token

  • DataGrail uses the following endpoint to validate that connection is good based on a successful response:

    • GET {BASE_URL}/environments/{ENVIRONMENT_ID}/applications

Version

PingOne Enterprise integration currently supports API Version 1.0 (v1).

Limits

DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Access

For an access request, DataGrail will take the following actions:

  • Search users by the Data Subject email

  • For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.

Endpoints Utilized

  • GET {BASE_URL}/environments/{ENVIRONMENT_ID}/users

Deletion

For a deletion request, DataGrail will take the following actions:

  • Run all data access steps to find objects that can be deleted (see Access section above). You can select which found objects you want to delete via our Portal Requests.

Endpoints Utilized

  • DELETE {BASE_URL}/environments/{ENVIRONMENT_ID}/users/{USER_ID}

System Detection

DataGrail reads PingOne Enterprise sources, destinations and warehouses to detect new systems connected to your PingOne Enterprise account.

For an system detection requests, DataGrail will take the following actions:

Endpoints Utilized

  • GET {BASE_URL}/environments/{environment_id}/applications

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.