Enhanced Flexibility in PingFederate: Admin API Update for Individual Authn Policies
Published June 18, 2025
Summary
PingFederate has recently released an exciting new feature. This update is a key improvement to the Admin API, allowing admins to update individual authentication policies without the need to replace the entire policy tree.
Let's explore the details and understand its significance.
Limitations in Policy Management
In PingFederate before v11.0, users were only able to retrieve and update the entire authentication policy tree using the existing API endpoints:
GET /authenticationPolicies/default
PUT /authenticationPolicies/default
While these endpoints provided access to the complete policy tree, they presented a big disadvantage. Making changes to a single policy within the tree had the potential to accidentally affect other policies, leading to unintended consequences and unnecessary complications.
The Need for a Better Solution
Recognizing these limitations, PingFederate now enables administrators to update individual policies, addressing the previously mentioned concerns. By providing granular control over policy management, PingFederate ensures more precise, safer modifications, reducing the risk of unintended policy changes and sync conflicts.
How It Works
To enable this function, PingFederate introduces new endpoints in its Admin API in addition to the existing endpoints. The existing endpoints for the whole policy tree remain available but now include individual policy IDs to support targeted updates.
Here's a brief overview of the new Admin API endpoint:
POST /authenticationPolicies/policy
This endpoint allows administrators to add a new authentication policy at the end of the policy tree. With this, policy management becomes more flexible and enables the seamless incorporation of new policies as per the organization's evolving requirements.
In addition to this new endpoint, the existing endpoints have been improved to include individual policy IDs:
GET /authenticationPolicies/policy/{id}
This endpoint facilitates the retrieval of an authentication policy based on its unique policy ID. Administrators can easily access specific policies for review or further analysis.
PUT /authenticationPolicies/policy/{id}
Through this endpoint, admins can update an individual authentication policy by specifying its policy ID. This granular approach helps administrators to make precise modifications, eliminating the need to replace the entire policy tree and minimizing the risk of unintentional changes.
DELETE /authenticationPolicies/policy/{id}
The final endpoint allows administrators to delete an authentication policy by providing its policy ID. This ensures a streamlined policy management process, enabling administrators to remove obsolete or redundant policies without affecting the rest of the tree.
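One way to confirm that a change touched only the policy it was meant to is to snapshot GET /authenticationPolicies/default before and after the change and compare the two by policy ID. The script below is an added example, not code from PingFederate or from this article; the field names (authnSelectionTrees, id, name, enabled, failIfNoSelection) and the sample snapshots are assumptions made for illustration.

```python
import hashlib
import json

TREES = "authnSelectionTrees"  # assumed name of the policy list in the tree JSON

def _digest(obj):
    # Canonical JSON, so key order alone never registers as a change
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def diff_policy_trees(before, after):
    """Compare two snapshots of GET /authenticationPolicies/default by policy ID."""
    old = {p["id"]: p for p in before.get(TREES, [])}
    new = {p["id"]: p for p in after.get(TREES, [])}
    both = old.keys() & new.keys()
    rest = lambda t: {k: v for k, v in t.items() if k != TREES}
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(i for i in both if _digest(old[i]) != _digest(new[i])),
        "reordered": [i for i in old if i in both] != [i for i in new if i in both],
        "settings_changed": _digest(rest(before)) != _digest(rest(after)),
    }

def unintended_changes(before, after, intended_id):
    """Everything that changed apart from the one policy meant to be updated."""
    diff = diff_policy_trees(before, after)
    diff["modified"] = [i for i in diff["modified"] if i != intended_id]
    return {k: v for k, v in diff.items() if v}

# Constructed sample snapshots (not real PingFederate output)
BEFORE = {"failIfNoSelection": False, TREES: [
    {"id": "policy-mfa", "name": "Employees MFA", "enabled": True},
    {"id": "policy-partner", "name": "Partner SSO", "enabled": True},
    {"id": "policy-legacy", "name": "Legacy apps", "enabled": True},
]}
# Whole-tree PUT meant to rename policy-mfa; policy-legacy was disabled by accident
AFTER = {"failIfNoSelection": False, TREES: [
    {"id": "policy-mfa", "name": "Employees MFA v2", "enabled": True},
    {"id": "policy-partner", "name": "Partner SSO", "enabled": True},
    {"id": "policy-legacy", "name": "Legacy apps", "enabled": False},
]}

if __name__ == "__main__":
    print(unintended_changes(BEFORE, AFTER, "policy-mfa"))
```

An empty result means only the intended policy changed; anything else is worth reviewing before the change is replicated to other nodes.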
4 Benefits of the New Admin API
The improved Admin API in PingFederate offers several benefits for administrators and organizations:
- Improved Policy Customization: Administrators can now customize authentication policies with greater precision, making specific changes without disrupting the entire policy tree.
- Easy Policy Import: The individual policy update feature simplifies the process of importing policies. Administrators can leverage policies that have proven effective elsewhere, saving time and effort in configuring policies from scratch.
- Stronger Policy Management: By focusing on individual policies, administrators can troubleshoot and debug specific policy configurations more efficiently. This targeted approach streamlines policy maintenance and reduces the potential impact on other policies.
- Reduced Risk of Errors: Updating individual policies minimizes the risk of inadvertently breaking other policies within the tree. Administrators can confidently make changes, knowing that the modifications will only impact the intended policy, resulting in a more stable and reliable authentication system.
What This Means for You
With the new Admin API endpoints introduced in PingFederate, administrators can enjoy greater flexibility and control over authentication policy management. The ability to update individual policies empowers administrators to make specific changes while minimizing the risk of unintended consequences.
By addressing synchronization conflicts and enabling easier policy imports, PingFederate provides a more efficient and robust identity and access management solution.