Bug Bounties

Ping Identity

Powered by: 

Allows bounty splitting: 

Average time to first program response: 30

Average time to bounty awarded: null

Average time to report resolved: 

Handle: pingidentity

Managed program: true

Name: Ping Identity

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/pingidentity

Website: https://www.pingidentity.com/

In scope:

  • Asset identifier: https://api-staging.pingone.com/*
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      * **What it is:**
          * REST API for configuring and managing your PingOne For Customers organization. Please note that this documentation points to **PROD**, which is out of scope for this engagement. To access the ORT environment, URLs will have to be appended with -staging like the console link above.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://apps-staging.pingone.com/*
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      * **What it is:**
          * Cloudfront distribution for the PingOne for Customers login/authentication flow orchestration and self-service account/profile management user interfaces
      * **What it does:**
          * Provides user interface for administrators to configure authentication flows and assign different authentication policies
          * Provides interface for end users to manage their account profiles and settings
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://console-staging.pingone.com/*
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      * **What it is:**
          * Administrative console to the PingOne For Customers platform that manages user access, authentication types, and connected applications.
      * **Here's how to add an application to your PingOne For Customer environment:** https://youtu.be/TBA5VTfnsSE
      * **Sample client-side app (Please note that the content of the github repository is out of scope):** https://github.com/pingidentity/pingone-customers-sample-oidc
      * **What it does:**
          * Allows administrators to configure authentication workflows and assign different authentication policies (SAML, OAuth2, and OpenID Connect are supported) to each of your applications.
          * Supports Single-Sign-On (SSO) and Multi-Factor Authentication (MFA) across all connected applications.
          * Offers robust user-management capabilities.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://ort-admin.pingone.com/*
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      * **What it is:**
          * Administrative web portal for PingOne For Enterprise (P14E)
      * **What it does:**
          * Allows P14E administrators to manage all aspects of their enterprise user accounts
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://ort-authenticator.pingone.com/*
  • Asset type: URL
  • Availability requirement: none
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      * **What it is:**
          * Multi-factor Authentication (MFA) authenticator service
          * MFA is configured via the PingOne Desktop > Devices > My Device > Add.
          * Ping Authenticator is used for Multi-Factor Authentication (MFA)
          * The authenticator is a service which provides multi-factor authentication via PingID mobile applications available in the iTunes and Android app stores, Yubikey Series 4, PingID Desktop apps for OS X and Windows, or email.
          * The authenticator service is a back-end hosted service.
          * The client MFA applications are not in scope, but the protocol data and authenticator service are; this includes requests and responses.
      * **What it does:**
          * Employs MFA (typically [PingID](https://www.pingidentity.com/en/cloud/pingid.html)) to authenticate users and then pass control back to PingOne for Enterprise
  • Integrity requirements: low
  • Max severity: high



  • Asset identifier: https://ort-desktop.pingone.com/*
  • Asset type: URL
  • Availability requirement: none
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      * **What it is:**
          * Central hub of PingOne For Enterprise, a cloud-based dock that provides users with secure SSO access to an expansive library of applications
      * **What it does:**
          * Provides many pre-existing integrations with popular SaaS applications
          * Leverages SAML, OIDC and other secure identity standards to integrate with any other cloud-based applications
          * Provides the option of storing user identity data in PingOne’s cloud directory
  • Integrity requirements: low
  • Max severity: high