PingOne API Access Token
Service Name: PingOne
Service Description: PingOne is a cloud-based identity and access management (IAM) platform that provides single sign-on (SSO), multi-factor authentication (MFA), and API security services to help organizations secure their applications and data.
Service Address: https://www.pingidentity.com/en/platform/solutions/pingone-for-customers.html
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the environment level through PingOne's administrative console.
Secret Access Scope: Grants programmatic access to PingOne APIs, allowing management of users, applications, and identity services within a PingOne environment.
Secret Revokement URL: https://apidocs.pingidentity.com/pingone/platform/v1/api/#delete-access-token
Secret Example: eyJhbGciOiJSUzI1NiIsImtpZCI6IjEiLCJwaS5hdG0iOiJhYWx0In0.eyJzY29wZSI6InAx
Suspicious Activity Investigation Instructions:
- Review PingOne audit logs for unusual API calls or authentication attempts.
- Check for unexpected changes to user accounts, applications, or configurations.
- Monitor for unusual geographic access patterns or access times.
- Examine API request patterns for abnormal volume or unusual endpoints.
- Review any changes to permissions or role assignments.
Mitigation Instructions:
- Immediately revoke the compromised token through the PingOne administrative console or API.
- Generate a new API access token with appropriate scopes.
- Review and update IP allowlists to restrict access to trusted networks.
- Implement token rotation policies to limit the lifetime of access tokens.
- Consider implementing additional authentication factors for API access.
- Review and update the scopes assigned to API tokens to follow the principle of least privilege.
- Audit all actions performed with the compromised token to identify and remediate any unauthorized changes.