Skip to content

PingOne API Access Token

Service Name: PingOne

Service Description: PingOne is a cloud-based identity and access management (IAM) platform that provides single sign-on (SSO), multi-factor authentication (MFA), and API security services to help organizations secure their applications and data.

Service Address: https://www.pingidentity.com/en/platform/solutions/pingone-for-customers.html

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the environment level through PingOne's administrative console.

Secret Access Scope: Grants programmatic access to PingOne APIs, allowing management of users, applications, and identity services within a PingOne environment.

Secret Revokement URL: https://apidocs.pingidentity.com/pingone/platform/v1/api/#delete-access-token

Secret Example: eyJhbGciOiJSUzI1NiIsImtpZCI6IjEiLCJwaS5hdG0iOiJhYWx0In0.eyJzY29wZSI6InAx

Suspicious Activity Investigation Instructions:

  • Review PingOne audit logs for unusual API calls or authentication attempts.
  • Check for unexpected changes to user accounts, applications, or configurations.
  • Monitor for unusual geographic access patterns or access times.
  • Examine API request patterns for abnormal volume or unusual endpoints.
  • Review any changes to permissions or role assignments.

Mitigation Instructions:

  • Immediately revoke the compromised token through the PingOne administrative console or API.
  • Generate a new API access token with appropriate scopes.
  • Review and update IP allowlists to restrict access to trusted networks.
  • Implement token rotation policies to limit the lifetime of access tokens.
  • Consider implementing additional authentication factors for API access.
  • Review and update the scopes assigned to API tokens to follow the principle of least privilege.
  • Audit all actions performed with the compromised token to identify and remediate any unauthorized changes.